npm - @friggframework/devtools - Versions diffs - 2.0.0--canary.461.7c8f1c6.0 → 2.0.0--canary.461.4c872e7.0 - Mend

@friggframework/devtools 2.0.0--canary.461.7c8f1c6.0 → 2.0.0--canary.461.4c872e7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/infrastructure/domains/database/migration-builder.js CHANGED Viewed

@@ -62,6 +62,8 @@ class MigrationBuilder extends InfrastructureBuilder {
         // Create S3 bucket for migration status tracking
         result.resources.FriggMigrationStatusBucket = {
             Type: 'AWS::S3::Bucket',
+            DeletionPolicy: 'Retain', // Protect migration history during stack rollbacks/deletions
+            UpdateReplacePolicy: 'Retain', // Protect during stack updates that require replacement
             Properties: {
                 BucketName: '${self:service}-${self:provider.stage}-migration-status',
                 VersioningConfiguration: {
@@ -318,6 +320,8 @@ class MigrationBuilder extends InfrastructureBuilder {
         // Add IAM permissions for S3 (migration status storage)
         // Migration functions need to read/write migration status in S3
         // to avoid chicken-and-egg dependency on User/Process tables
+        // Object-level permissions (put, get, delete)
         result.iamStatements.push({
             Effect: 'Allow',
             Action: [
@@ -336,6 +340,13 @@ class MigrationBuilder extends InfrastructureBuilder {
             },
         });
+        // Bucket-level permissions (list objects, needed to check if migration status exists)
+        result.iamStatements.push({
+            Effect: 'Allow',
+            Action: ['s3:ListBucket'],
+            Resource: { 'Fn::GetAtt': ['FriggMigrationStatusBucket', 'Arn'] },
+        });
         console.log('  ✓ Added S3 IAM permissions for migration status tracking');
         console.log(`[${this.name}] ✅ Migration infrastructure configuration completed`);

package/infrastructure/domains/database/migration-builder.test.js CHANGED Viewed

@@ -246,6 +246,42 @@ describe('MigrationBuilder', () => {
             });
         });
+        it('should add S3 IAM permissions including ListBucket', async () => {
+            const appDef = {
+                database: {
+                    postgres: {
+                        enable: true,
+                    },
+                },
+            };
+            const result = await builder.build(appDef, {});
+            // Should have object-level permissions
+            expect(result.iamStatements).toContainEqual(
+                expect.objectContaining({
+                    Effect: 'Allow',
+                    Action: expect.arrayContaining([
+                        's3:PutObject',
+                        's3:GetObject',
+                        's3:DeleteObject',
+                    ]),
+                    Resource: expect.objectContaining({
+                        'Fn::Join': expect.anything(),
+                    }),
+                })
+            );
+            // Should have bucket-level ListBucket permission (needed to check if objects exist)
+            expect(result.iamStatements).toContainEqual(
+                expect.objectContaining({
+                    Effect: 'Allow',
+                    Action: ['s3:ListBucket'],
+                    Resource: { 'Fn::GetAtt': ['FriggMigrationStatusBucket', 'Arn'] },
+                })
+            );
+        });
         it('should only include Prisma layer in worker (router doesn\'t need database)', async () => {
             const appDef = {
                 database: {

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.461.7c8f1c6.0",
+  "version": "2.0.0--canary.461.4c872e7.0",
   "dependencies": {
     "@aws-sdk/client-ec2": "^3.835.0",
     "@aws-sdk/client-kms": "^3.835.0",
@@ -11,8 +11,8 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/schemas": "2.0.0--canary.461.7c8f1c6.0",
-    "@friggframework/test": "2.0.0--canary.461.7c8f1c6.0",
+    "@friggframework/schemas": "2.0.0--canary.461.4c872e7.0",
+    "@friggframework/test": "2.0.0--canary.461.4c872e7.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -34,8 +34,8 @@
     "serverless-http": "^2.7.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.461.7c8f1c6.0",
-    "@friggframework/prettier-config": "2.0.0--canary.461.7c8f1c6.0",
+    "@friggframework/eslint-config": "2.0.0--canary.461.4c872e7.0",
+    "@friggframework/prettier-config": "2.0.0--canary.461.4c872e7.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -70,5 +70,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "7c8f1c667adf2fe7cd8e70b1dc3120414fed24b9"
+  "gitHead": "4c872e770d1fddbd8689bf5ec2e26b6d21ae1d2f"
 }