@friggframework/devtools 2.0.0--canary.461.4befc43.0 → 2.0.0--canary.461.637e5e4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/infrastructure/domains/database/aurora-builder.js +16 -0
  2. package/infrastructure/domains/database/aurora-builder.test.js +27 -0
  3. package/infrastructure/domains/database/aurora-discovery.js +6 -0
  4. package/infrastructure/domains/shared/providers/aws-provider-adapter.js +3 -0
  5. package/package.json +6 -6
package/infrastructure/domains/database/aurora-builder.js CHANGED
@@ -281,6 +281,22 @@ class AuroraBuilder extends InfrastructureBuilder {
281
281
  });
282
282
  }
283
283
 
284
+ // Add security group ingress rule to allow Lambda to connect to Aurora
285
+ if (discoveredResources.auroraSecurityGroupId) {
286
+ result.resources.FriggAuroraIngressRule = {
287
+ Type: 'AWS::EC2::SecurityGroupIngress',
288
+ Properties: {
289
+ GroupId: discoveredResources.auroraSecurityGroupId,
290
+ IpProtocol: 'tcp',
291
+ FromPort: discoveredResources.auroraPort || 5432,
292
+ ToPort: discoveredResources.auroraPort || 5432,
293
+ SourceSecurityGroupId: { Ref: 'FriggLambdaSecurityGroup' },
294
+ Description: 'Allow Lambda functions to connect to Aurora PostgreSQL',
295
+ },
296
+ };
297
+ console.log(` ✅ Added security group ingress rule for Lambda → Aurora connectivity`);
298
+ }
299
+
284
300
  console.log(` ✅ Discovered cluster configuration complete`);
285
301
  }
286
302
 
package/infrastructure/domains/database/aurora-builder.test.js CHANGED
@@ -316,6 +316,33 @@ describe('AuroraBuilder', () => {
316
316
  expect(secretPermission).toBeDefined();
317
317
  expect(secretPermission.Resource).toBe('arn:aws:secretsmanager:us-east-1:123:secret:db');
318
318
  });
319
+
320
+ it('should add security group ingress rule for Lambda to Aurora connectivity', async () => {
321
+ const appDefinition = {
322
+ database: {
323
+ postgres: {
324
+ enable: true,
325
+ management: 'discover',
326
+ },
327
+ },
328
+ };
329
+
330
+ const discoveredResources = {
331
+ auroraClusterEndpoint: 'cluster.abc.us-east-1.rds.amazonaws.com',
332
+ auroraPort: 5432,
333
+ auroraSecurityGroupId: 'sg-aurora123',
334
+ };
335
+
336
+ const result = await auroraBuilder.build(appDefinition, discoveredResources);
337
+
338
+ expect(result.resources.FriggAuroraIngressRule).toBeDefined();
339
+ expect(result.resources.FriggAuroraIngressRule.Type).toBe('AWS::EC2::SecurityGroupIngress');
340
+ expect(result.resources.FriggAuroraIngressRule.Properties.GroupId).toBe('sg-aurora123');
341
+ expect(result.resources.FriggAuroraIngressRule.Properties.IpProtocol).toBe('tcp');
342
+ expect(result.resources.FriggAuroraIngressRule.Properties.FromPort).toBe(5432);
343
+ expect(result.resources.FriggAuroraIngressRule.Properties.ToPort).toBe(5432);
344
+ expect(result.resources.FriggAuroraIngressRule.Properties.SourceSecurityGroupId).toEqual({ Ref: 'FriggLambdaSecurityGroup' });
345
+ });
319
346
  });
320
347
 
321
348
  describe('build() - create-new mode', () => {
package/infrastructure/domains/database/aurora-discovery.js CHANGED
@@ -49,6 +49,12 @@ class AuroraDiscovery {
49
49
  result.databasePort = rawResources.port || 5432;
50
50
  result.auroraEngine = rawResources.engine || 'aurora-postgresql';
51
51
  result.databaseEngine = rawResources.engine || 'aurora-postgresql';
52
+
53
+ // Capture security group IDs
54
+ if (rawResources.securityGroupIds && rawResources.securityGroupIds.length > 0) {
55
+ result.auroraSecurityGroupId = rawResources.securityGroupIds[0]; // Use first security group
56
+ console.log(` ✓ Found security group: ${result.auroraSecurityGroupId}`);
57
+ }
52
58
 
53
59
  console.log(` ✓ Found database: ${result.auroraClusterEndpoint}:${result.auroraPort}`);
54
60
  console.log(` ✓ Engine: ${result.auroraEngine}`);
package/infrastructure/domains/shared/providers/aws-provider-adapter.js CHANGED
@@ -343,6 +343,7 @@ class AWSProviderAdapter extends CloudProviderAdapter {
343
343
  endpoint: null,
344
344
  port: null,
345
345
  engine: null,
346
+ securityGroupIds: [],
346
347
  };
347
348
 
348
349
  try {
@@ -361,6 +362,7 @@ class AWSProviderAdapter extends CloudProviderAdapter {
361
362
  result.endpoint = cluster.Endpoint;
362
363
  result.port = cluster.Port;
363
364
  result.engine = cluster.Engine;
365
+ result.securityGroupIds = (cluster.VpcSecurityGroups || []).map(sg => sg.VpcSecurityGroupId);
364
366
  }
365
367
  } else if (result.clusters.length > 0) {
366
368
  // Use first available cluster
@@ -368,6 +370,7 @@ class AWSProviderAdapter extends CloudProviderAdapter {
368
370
  result.endpoint = cluster.Endpoint;
369
371
  result.port = cluster.Port;
370
372
  result.engine = cluster.Engine;
373
+ result.securityGroupIds = (cluster.VpcSecurityGroups || []).map(sg => sg.VpcSecurityGroupId);
371
374
  }
372
375
  }
373
376
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@friggframework/devtools",
3
3
  "prettier": "@friggframework/prettier-config",
4
- "version": "2.0.0--canary.461.4befc43.0",
4
+ "version": "2.0.0--canary.461.637e5e4.0",
5
5
  "dependencies": {
6
6
  "@aws-sdk/client-ec2": "^3.835.0",
7
7
  "@aws-sdk/client-kms": "^3.835.0",
@@ -11,8 +11,8 @@
11
11
  "@babel/eslint-parser": "^7.18.9",
12
12
  "@babel/parser": "^7.25.3",
13
13
  "@babel/traverse": "^7.25.3",
14
- "@friggframework/schemas": "2.0.0--canary.461.4befc43.0",
15
- "@friggframework/test": "2.0.0--canary.461.4befc43.0",
14
+ "@friggframework/schemas": "2.0.0--canary.461.637e5e4.0",
15
+ "@friggframework/test": "2.0.0--canary.461.637e5e4.0",
16
16
  "@hapi/boom": "^10.0.1",
17
17
  "@inquirer/prompts": "^5.3.8",
18
18
  "axios": "^1.7.2",
@@ -34,8 +34,8 @@
34
34
  "serverless-http": "^2.7.0"
35
35
  },
36
36
  "devDependencies": {
37
- "@friggframework/eslint-config": "2.0.0--canary.461.4befc43.0",
38
- "@friggframework/prettier-config": "2.0.0--canary.461.4befc43.0",
37
+ "@friggframework/eslint-config": "2.0.0--canary.461.637e5e4.0",
38
+ "@friggframework/prettier-config": "2.0.0--canary.461.637e5e4.0",
39
39
  "aws-sdk-client-mock": "^4.1.0",
40
40
  "aws-sdk-client-mock-jest": "^4.1.0",
41
41
  "jest": "^30.1.3",
@@ -70,5 +70,5 @@
70
70
  "publishConfig": {
71
71
  "access": "public"
72
72
  },
73
- "gitHead": "4befc431d03b0f8100614729fe9ea3d6725a3bfa"
73
+ "gitHead": "637e5e421b5de0794ae99dc8a6578726dfd97f27"
74
74
  }