npm - @friggframework/devtools - Versions diffs - 2.0.0--canary.461.9f988ca.0 → 2.0.0--canary.461.ae78cad.0 - Mend

@friggframework/devtools 2.0.0--canary.461.9f988ca.0 → 2.0.0--canary.461.ae78cad.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/infrastructure/domains/networking/vpc-builder.js +31 -6
package/infrastructure/domains/networking/vpc-builder.test.js +108 -2
package/package.json +6 -6

package/infrastructure/domains/networking/vpc-builder.js CHANGED Viewed

@@ -110,7 +110,23 @@ class VpcBuilder extends InfrastructureBuilder {
             Resource: '*',
         });
-        const management = appDefinition.vpc.management || 'discover';
+        // Normalize shareAcrossStages into management mode
+        // This provides a simpler API for users while maintaining backwards compatibility
+        let management = appDefinition.vpc.management;
+        if (!management && appDefinition.vpc.shareAcrossStages !== undefined) {
+            // Explicit shareAcrossStages setting overrides default
+            management = appDefinition.vpc.shareAcrossStages ? 'discover' : 'create-new';
+            console.log(`  VPC Sharing: ${appDefinition.vpc.shareAcrossStages ? 'shared' : 'isolated'} (translated to ${management})`);
+            // When creating isolated VPC, also create isolated NAT Gateway
+            if (!appDefinition.vpc.shareAcrossStages && !appDefinition.vpc.natGateway?.management) {
+                appDefinition.vpc.natGateway = appDefinition.vpc.natGateway || {};
+                appDefinition.vpc.natGateway.management = 'createAndManage';
+                console.log(`  NAT Gateway: creating isolated NAT (shareAcrossStages=false)`);
+            }
+        } else {
+            management = management || 'discover'; // Default to sharing for backwards compatibility
+        }
         console.log(`  VPC Management Mode: ${management}`);
         // Handle self-healing if enabled
@@ -372,10 +388,17 @@ class VpcBuilder extends InfrastructureBuilder {
      */
     async buildSubnets(appDefinition, discoveredResources, result) {
         const vpcManagement = appDefinition.vpc.management || 'discover';
-        const defaultSubnetManagement = vpcManagement === 'create-new' ? 'create' : 'discover';
+        // Default subnet management depends on context:
+        // - use-existing mode with subnet IDs provided: use-existing
+        // - create-new mode: create
+        // - discover mode: create (for stage isolation)
+        let defaultSubnetManagement = 'create';
+        if (vpcManagement === 'use-existing' && appDefinition.vpc.subnets?.ids?.length >= 2) {
+            defaultSubnetManagement = 'use-existing';
+        }
         const subnetManagement = appDefinition.vpc.subnets?.management || defaultSubnetManagement;
-        console.log(`  Subnet Management Mode: ${subnetManagement}`);
+        console.log(`  Subnet Management Mode: ${subnetManagement} (default: ${defaultSubnetManagement}, explicit: ${appDefinition.vpc.subnets?.management})`);
         switch (subnetManagement) {
             case 'create':
@@ -508,17 +531,19 @@ class VpcBuilder extends InfrastructureBuilder {
             return;
         }
-        // Use discovered subnets
+        // User explicitly set subnets.management: 'discover', so use discovered subnets
+        // NOTE: This may cause route table conflicts if multiple stages share subnets
+        // Default behavior is now to create stage-specific subnets (subnets.management: 'create')
         if (discoveredResources.privateSubnetId1 && discoveredResources.privateSubnetId2) {
             result.vpcConfig.subnetIds = [
                 discoveredResources.privateSubnetId1,
                 discoveredResources.privateSubnetId2,
             ];
-            console.log('    ✅ Discovered 2 private subnets');
+            console.log('    ✅ Using discovered subnets (backwards compatibility mode)');
             return;
         }
-        // Fallback: create if self-heal enabled
+        // No subnets found - create if self-heal enabled
         if (appDefinition.vpc.selfHeal) {
             console.log('    ⚠️  No subnets found - self-heal will create them');
             this.createSubnets(appDefinition, discoveredResources, result, 'discover');

package/infrastructure/domains/networking/vpc-builder.test.js CHANGED Viewed

@@ -241,7 +241,7 @@ describe('VpcBuilder', () => {
     });
     describe('build() - discover mode', () => {
-        it('should use discovered VPC resources', async () => {
+        it('should use discovered VPC but create stage-specific subnets by default', async () => {
             const appDefinition = {
                 vpc: {
                     enable: true,
@@ -251,6 +251,7 @@ describe('VpcBuilder', () => {
             const discoveredResources = {
                 defaultVpcId: 'vpc-discovered',
+                // Even though subnets are discovered, we should create new ones for stage isolation
                 privateSubnetId1: 'subnet-private1',
                 privateSubnetId2: 'subnet-private2',
                 defaultSecurityGroupId: 'sg-discovered',
@@ -258,13 +259,43 @@ describe('VpcBuilder', () => {
             const result = await vpcBuilder.build(appDefinition, discoveredResources);
-            expect(result.vpcConfig.subnetIds).toEqual(['subnet-private1', 'subnet-private2']);
+            // NEW BEHAVIOR: Create stage-specific subnets for isolation (prevent route table conflicts)
+            expect(result.vpcConfig.subnetIds).toEqual([
+                { Ref: 'FriggPrivateSubnet1' },
+                { Ref: 'FriggPrivateSubnet2' },
+            ]);
+            expect(result.resources.FriggPrivateSubnet1).toBeDefined();
+            expect(result.resources.FriggPrivateSubnet2).toBeDefined();
             // In discover mode, we create FriggLambdaSecurityGroup in the discovered VPC
             expect(result.vpcConfig.securityGroupIds).toEqual([{ Ref: 'FriggLambdaSecurityGroup' }]);
             expect(result.resources.FriggLambdaSecurityGroup).toBeDefined();
             expect(result.resources.FriggLambdaSecurityGroup.Properties.VpcId).toBe('vpc-discovered');
         });
+        it('should allow sharing discovered subnets when explicitly configured', async () => {
+            const appDefinition = {
+                vpc: {
+                    enable: true,
+                    management: 'discover',
+                    subnets: {
+                        management: 'discover', // Explicitly opt-in to subnet sharing
+                    },
+                },
+            };
+            const discoveredResources = {
+                defaultVpcId: 'vpc-discovered',
+                privateSubnetId1: 'subnet-shared-1',
+                privateSubnetId2: 'subnet-shared-2',
+            };
+            const result = await vpcBuilder.build(appDefinition, discoveredResources);
+            // OLD BEHAVIOR: When explicitly set to 'discover', reuse discovered subnets
+            expect(result.vpcConfig.subnetIds).toEqual(['subnet-shared-1', 'subnet-shared-2']);
+            expect(result.resources.FriggPrivateSubnet1).toBeUndefined();
+        });
         it('should create VPC endpoints in discover mode with selfHeal when none exist', async () => {
             const appDefinition = {
                 vpc: {
@@ -778,6 +809,81 @@ describe('VpcBuilder', () => {
         });
     });
+    describe('VPC Sharing Control', () => {
+        it('should share VPC across stages when shareAcrossStages is true (default)', async () => {
+            const appDefinition = {
+                vpc: {
+                    enable: true,
+                    shareAcrossStages: true, // Explicit opt-in to sharing
+                },
+            };
+            const discoveredResources = {
+                defaultVpcId: 'vpc-shared',
+                natGatewayId: 'nat-shared',
+            };
+            const result = await vpcBuilder.build(appDefinition, discoveredResources);
+            // Should use discovered VPC (not create new one)
+            expect(result.vpcId).toBe('vpc-shared');
+            expect(result.resources.FriggVPC).toBeUndefined();
+            // Should create stage-specific subnets for isolation
+            expect(result.resources.FriggPrivateSubnet1).toBeDefined();
+            expect(result.resources.FriggPrivateSubnet2).toBeDefined();
+            // Should reuse discovered NAT Gateway
+            expect(result.resources.FriggNATGateway).toBeUndefined();
+        });
+        it('should create isolated VPC when shareAcrossStages is false', async () => {
+            const appDefinition = {
+                vpc: {
+                    enable: true,
+                    shareAcrossStages: false, // Explicit opt-out of sharing
+                },
+            };
+            const discoveredResources = {
+                defaultVpcId: 'vpc-shared',
+                natGatewayId: 'nat-shared',
+            };
+            const result = await vpcBuilder.build(appDefinition, discoveredResources);
+            // Should create new VPC (ignore discovered resources)
+            expect(result.vpcId).toEqual({ Ref: 'FriggVPC' });
+            expect(result.resources.FriggVPC).toBeDefined();
+            // Should create stage-specific subnets
+            expect(result.resources.FriggPrivateSubnet1).toBeDefined();
+            expect(result.resources.FriggPrivateSubnet2).toBeDefined();
+            // Should create new NAT Gateway
+            expect(result.resources.FriggNATGateway).toBeDefined();
+        });
+        it('should default to shared VPC when shareAcrossStages is not specified', async () => {
+            const appDefinition = {
+                vpc: {
+                    enable: true,
+                    // shareAcrossStages not specified - should default to true
+                },
+            };
+            const discoveredResources = {
+                defaultVpcId: 'vpc-discovered',
+            };
+            const result = await vpcBuilder.build(appDefinition, discoveredResources);
+            // Should use discovered VPC by default (backwards compatibility)
+            expect(result.vpcId).toBe('vpc-discovered');
+            expect(result.resources.FriggVPC).toBeUndefined();
+        });
+    });
     describe('Outputs', () => {
         it.skip('should generate VPC ID output', async () => {
             const appDefinition = {

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.461.9f988ca.0",
+  "version": "2.0.0--canary.461.ae78cad.0",
   "dependencies": {
     "@aws-sdk/client-ec2": "^3.835.0",
     "@aws-sdk/client-kms": "^3.835.0",
@@ -11,8 +11,8 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/schemas": "2.0.0--canary.461.9f988ca.0",
-    "@friggframework/test": "2.0.0--canary.461.9f988ca.0",
+    "@friggframework/schemas": "2.0.0--canary.461.ae78cad.0",
+    "@friggframework/test": "2.0.0--canary.461.ae78cad.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -34,8 +34,8 @@
     "serverless-http": "^2.7.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.461.9f988ca.0",
-    "@friggframework/prettier-config": "2.0.0--canary.461.9f988ca.0",
+    "@friggframework/eslint-config": "2.0.0--canary.461.ae78cad.0",
+    "@friggframework/prettier-config": "2.0.0--canary.461.ae78cad.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -70,5 +70,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "9f988cad38fe00d1953292ea77dbcd46da275f23"
+  "gitHead": "ae78cad00740f759a7a99f5e6565bdfbea31b01e"
 }