@friggframework/devtools 2.0.0--canary.474.898a56c.0 → 2.0.0--canary.474.a794ea3.0

package/infrastructure/domains/health/domain/services/import-progress-monitor.js

@@ -0,0 +1,195 @@
+/**
+ * ImportProgressMonitor - Monitor CloudFormation Import Operation Progress
+ *
+ * Domain Layer - Service
+ *
+ * Monitors CloudFormation import operations by polling stack events and tracking
+ * resource import progress. Provides real-time progress callbacks and detects
+ * failures, rollbacks, and timeouts.
+ *
+ * Responsibilities:
+ * - Poll CloudFormation stack events during import
+ * - Track progress per resource (IN_PROGRESS, COMPLETE, FAILED)
+ * - Detect stack rollback states
+ * - Timeout after 5 minutes
+ * - Provide progress callbacks for UI updates
+ */
+
+class ImportProgressMonitor {
+  /**
+   * Create progress monitor with CloudFormation repository dependency
+   *
+   * @param {Object} params
+   * @param {Object} params.cloudFormationRepository - CloudFormation operations
+   */
+  constructor({ cloudFormationRepository }) {
+    if (!cloudFormationRepository) {
+      throw new Error('cloudFormationRepository is required');
+    }
+    this.cfRepo = cloudFormationRepository;
+  }
+
+  /**
+   * Monitor import operation progress
+   *
+   * Polls CloudFormation stack events every 2 seconds to track resource import progress.
+   * Calls onProgress callback with status updates for each resource.
+   * Detects failures, rollbacks, and timeouts.
+   *
+   * @param {Object} params
+   * @param {Object} params.stackIdentifier - Stack identifier { stackName, region }
+   * @param {Array<string>} params.resourceLogicalIds - Logical IDs to track
+   * @param {Function} params.onProgress - Progress callback function
+   * @returns {Promise<Object>} Import result
+   */
+  async monitorImport({ stackIdentifier, resourceLogicalIds, onProgress }) {
+    const importedResources = new Set();
+    const failedResources = [];
+    const processedEvents = new Set(); // Track processed events by timestamp + logicalId
+    let elapsedTime = 0; // Track elapsed time manually for fake timers compatibility
+    const TIMEOUT_MS = 300000; // 5 minutes
+    const POLL_INTERVAL_MS = 2000; // 2 seconds
+
+    // Continue polling until all resources are complete or failed
+    while (
+      importedResources.size + failedResources.length <
+      resourceLogicalIds.length
+    ) {
+      // Wait 2 seconds before polling
+      await this._delay(POLL_INTERVAL_MS);
+      elapsedTime += POLL_INTERVAL_MS;
+
+      // Check for timeout
+      if (elapsedTime > TIMEOUT_MS) {
+        throw new Error('Import operation timed out');
+      }
+
+      // Get stack events
+      const events = await this.cfRepo.getStackEvents({
+        stackIdentifier,
+      });
+
+      // Sort events by timestamp (oldest first) for consistent processing
+      const sortedEvents = [...events].sort(
+        (a, b) => new Date(a.Timestamp) - new Date(b.Timestamp)
+      );
+
+      // Track if we processed any new events in this iteration
+      let processedNewEvents = false;
+
+      // Process events for tracked resources
+      for (const event of sortedEvents) {
+        const logicalId = event.LogicalResourceId;
+
+        // Skip if not a tracked resource
+        if (!resourceLogicalIds.includes(logicalId)) {
+          continue;
+        }
+
+        // Create unique event key to avoid duplicate processing
+        const eventKey = `${event.Timestamp.toISOString()}_${logicalId}_${event.ResourceStatus}`;
+
+        // Skip if already processed
+        if (processedEvents.has(eventKey)) {
+          continue;
+        }
+
+        processedEvents.add(eventKey);
+        processedNewEvents = true;
+
+        // Handle different resource statuses
+        if (event.ResourceStatus === 'IMPORT_IN_PROGRESS') {
+          // Call progress callback with IN_PROGRESS status
+          if (onProgress) {
+            onProgress({
+              logicalId,
+              status: 'IN_PROGRESS',
+            });
+          }
+        } else if (event.ResourceStatus === 'IMPORT_COMPLETE' || event.ResourceStatus === 'UPDATE_COMPLETE') {
+          // Mark resource as imported
+          // Note: CloudFormation sends IMPORT_COMPLETE then UPDATE_COMPLETE (for tagging)
+          // We count either as successfully imported
+          importedResources.add(logicalId);
+
+          // Call progress callback with COMPLETE status
+          if (onProgress) {
+            onProgress({
+              logicalId,
+              status: 'COMPLETE',
+              progress: importedResources.size,
+              total: resourceLogicalIds.length,
+            });
+          }
+        } else if (event.ResourceStatus === 'IMPORT_FAILED') {
+          // Add to failed resources
+          const reason = event.ResourceStatusReason || 'Unknown error';
+          failedResources.push({
+            logicalId,
+            reason,
+          });
+
+          // Call progress callback with FAILED status
+          if (onProgress) {
+            onProgress({
+              logicalId,
+              status: 'FAILED',
+              reason,
+            });
+          }
+        }
+      }
+
+      // Check if all resources are now accounted for
+      const allResourcesProcessed =
+        importedResources.size + failedResources.length >=
+        resourceLogicalIds.length;
+
+      // If all resources processed, exit loop to return result
+      if (allResourcesProcessed) {
+        break;
+      }
+
+      // Check stack status AFTER processing events - if rollback in progress, throw
+      const stackStatus = await this.cfRepo.getStackStatus(stackIdentifier);
+      if (stackStatus.includes('ROLLBACK') && stackStatus !== 'IMPORT_ROLLBACK_COMPLETE') {
+        throw new Error('Import operation failed and rolled back');
+      }
+    }
+
+    // Check final stack status before returning
+    const finalStackStatus = await this.cfRepo.getStackStatus(stackIdentifier);
+
+    // If stack rolled back completely and monitoring just finished,
+    // check if we should throw or return
+    if (finalStackStatus.includes('ROLLBACK')) {
+      // If we have any imported resources, return result (partial success)
+      // Otherwise, throw error (complete failure)
+      if (importedResources.size === 0 && failedResources.length > 0) {
+        throw new Error('Import operation failed and rolled back');
+      }
+    }
+
+    // Return result
+    const success = failedResources.length === 0;
+    return {
+      success,
+      importedCount: importedResources.size,
+      failedCount: failedResources.length,
+      failedResources,
+    };
+  }
+
+  /**
+   * Delay helper for polling intervals
+   *
+   * @param {number} ms - Milliseconds to delay
+   * @returns {Promise<void>}
+   * @private
+   */
+  async _delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+}
+
+module.exports = { ImportProgressMonitor };

package/infrastructure/domains/health/domain/services/import-template-generator.js

@@ -0,0 +1,435 @@
+/**
+ * ImportTemplateGenerator - Generate CloudFormation import templates
+ *
+ * Purpose: Generate CloudFormation templates for importing existing resources
+ * by resolving intrinsic functions (!Ref, !Sub, !GetAtt) with actual AWS values
+ * and merging with current stack template.
+ *
+ * Domain Layer - Service
+ */
+
+class ImportTemplateGenerator {
+  /**
+   * Create ImportTemplateGenerator instance
+   * @param {object} dependencies - Service dependencies
+   * @param {object} dependencies.templateParser - Template parsing service
+   * @param {object} dependencies.resourceDetector - AWS resource detection service
+   * @param {object} dependencies.stackRepository - CloudFormation stack repository
+   */
+  constructor({ templateParser, resourceDetector, stackRepository }) {
+    this.templateParser = templateParser;
+    this.resourceDetector = resourceDetector;
+    this.stackRepository = stackRepository;
+  }
+
+  /**
+   * Generate import template by merging build template with AWS state
+   *
+   * Process:
+   * 1. Parse build template to get resource definitions with Refs
+   * 2. Get current stack template (if exists)
+   * 3. For each resource to import:
+   *    - Get AWS resource properties via resourceDetector
+   *    - Generate resource definition with resolved intrinsics
+   *    - Create resource identifier for import operation
+   * 4. Merge with current template (preserve existing resources)
+   *
+   * @param {object} params - Generation parameters
+   * @param {Array} params.resourcesToImport - Resources to import
+   * @param {string} params.buildTemplatePath - Path to build template
+   * @param {object} params.stackIdentifier - Target stack identifier
+   * @returns {Promise<object>} Import template and resource identifiers
+   */
+  async generateImportTemplate({
+    resourcesToImport,
+    buildTemplatePath,
+    stackIdentifier,
+  }) {
+    // 1. Parse build template
+    const buildTemplate = this.templateParser.parseTemplate(buildTemplatePath);
+
+    // 2. Get current stack template (if exists)
+    let currentTemplate;
+    try {
+      currentTemplate = await this.stackRepository.getTemplate(stackIdentifier);
+    } catch (error) {
+      // Stack might not exist yet
+      currentTemplate = { Resources: {} };
+    }
+
+    // 3. For each resource to import, get AWS properties
+    const resourceDefinitions = {};
+    const resourceIdentifiers = [];
+
+    for (const resource of resourcesToImport) {
+      const { logicalId, physicalId, resourceType } = resource;
+
+      // Get current resource state from AWS
+      const awsResourceDetails =
+        await this.resourceDetector.getResourceDetails({
+          resourceType,
+          physicalId,
+          region: stackIdentifier.region,
+        });
+
+      // Generate CloudFormation resource definition
+      const resourceDef = this._generateResourceDefinition({
+        logicalId,
+        resourceType,
+        physicalId,
+        buildTemplate,
+        awsResourceDetails,
+      });
+
+      resourceDefinitions[logicalId] = resourceDef;
+
+      // Generate resource identifier for import
+      resourceIdentifiers.push({
+        ResourceType: resourceType,
+        LogicalResourceId: logicalId,
+        ResourceIdentifier: this._getResourceIdentifier(
+          resourceType,
+          physicalId
+        ),
+      });
+    }
+
+    // 4. Merge with current template (keep existing resources)
+    const importTemplate = {
+      ...currentTemplate,
+      Resources: {
+        ...currentTemplate.Resources,
+        ...resourceDefinitions,
+      },
+    };
+
+    // DEBUG: Write template to file for inspection
+    if (process.env.DEBUG_IMPORT_TEMPLATE === 'true') {
+      const fs = require('fs');
+      const path = require('path');
+      const debugDir = path.join(__dirname, '../../debug');
+
+      // Ensure debug directory exists
+      if (!fs.existsSync(debugDir)) {
+        fs.mkdirSync(debugDir, { recursive: true });
+      }
+
+      const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+      const debugFile = path.join(debugDir, `import-template-${timestamp}.json`);
+
+      const debugData = {
+        stackIdentifier,
+        resourcesToImport,
+        resourceIdentifiers,
+        template: importTemplate,
+        templateSize: JSON.stringify(importTemplate).length,
+        resourceCount: Object.keys(importTemplate.Resources || {}).length,
+      };
+
+      fs.writeFileSync(debugFile, JSON.stringify(debugData, null, 2));
+      console.log(`[DEBUG] Template written to: ${debugFile}`);
+    }
+
+    return {
+      template: importTemplate,
+      resourceIdentifiers,
+    };
+  }
+
+  /**
+   * Generate CloudFormation resource definition from AWS state
+   *
+   * Takes build template definition and resolves all intrinsics
+   * with actual AWS values to create import-ready definition.
+   *
+   * @private
+   * @param {object} params - Generation parameters
+   * @param {string} params.logicalId - CloudFormation logical ID
+   * @param {string} params.resourceType - AWS resource type
+   * @param {string} params.physicalId - AWS physical resource ID
+   * @param {object} params.buildTemplate - Build template with Refs
+   * @param {object} params.awsResourceDetails - Current AWS resource state
+   * @returns {object} CloudFormation resource definition
+   * @throws {Error} If logical ID not found in build template
+   */
+  _generateResourceDefinition({
+    logicalId,
+    resourceType,
+    physicalId,
+    buildTemplate,
+    awsResourceDetails,
+  }) {
+    // Start with build template definition if available
+    const buildResource = buildTemplate.resources?.[logicalId];
+
+    if (!buildResource) {
+      throw new Error(
+        `Logical ID ${logicalId} not found in build template. ` +
+          `Cannot generate import definition without template reference.`
+      );
+    }
+
+    // Resolve intrinsics with actual AWS values
+    const resolvedProperties = this._resolveIntrinsics({
+      properties: buildResource.Properties,
+      awsResourceDetails,
+      resourceType,
+    });
+
+    return {
+      Type: resourceType,
+      Properties: resolvedProperties,
+      DeletionPolicy: 'Retain', // Required for CloudFormation IMPORT operations
+      UpdateReplacePolicy: 'Retain', // Protects old resources during stack updates
+    };
+  }
+
+  /**
+   * Resolve CloudFormation intrinsics in properties
+   *
+   * Processes all properties and resolves intrinsic functions
+   * (!Ref, !Sub, !GetAtt) with actual AWS values.
+   *
+   * @private
+   * @param {object} params - Resolution parameters
+   * @param {object} params.properties - CloudFormation properties
+   * @param {object} params.awsResourceDetails - AWS resource state
+   * @param {string} params.resourceType - AWS resource type
+   * @returns {object} Resolved properties
+   */
+  _resolveIntrinsics({ properties, awsResourceDetails, resourceType }) {
+    const resolved = {};
+
+    for (const [key, value] of Object.entries(properties)) {
+      resolved[key] = this._resolveValue(
+        value,
+        awsResourceDetails,
+        resourceType
+      );
+    }
+
+    return resolved;
+  }
+
+  /**
+   * Recursively resolve a property value
+   *
+   * Handles:
+   * - Intrinsic functions (!Ref, !Sub, !GetAtt)
+   * - Nested objects
+   * - Arrays
+   * - Literal values
+   *
+   * @private
+   * @param {*} value - Property value to resolve
+   * @param {object} awsResourceDetails - AWS resource state
+   * @param {string} resourceType - AWS resource type
+   * @returns {*} Resolved value
+   */
+  _resolveValue(value, awsResourceDetails, resourceType) {
+    // Handle intrinsic functions
+    if (typeof value === 'object' && value !== null) {
+      // !Ref
+      if (value.Ref) {
+        return this._resolveRef(value.Ref, awsResourceDetails, resourceType);
+      }
+
+      // !Sub
+      if (value['Fn::Sub']) {
+        return this._resolveSub(value['Fn::Sub'], awsResourceDetails);
+      }
+
+      // !GetAtt
+      if (value['Fn::GetAtt']) {
+        return this._resolveGetAtt(value['Fn::GetAtt'], awsResourceDetails);
+      }
+
+      // Recursively process nested objects
+      if (Array.isArray(value)) {
+        return value.map((v) =>
+          this._resolveValue(v, awsResourceDetails, resourceType)
+        );
+      }
+
+      // Recursively process object properties
+      const resolved = {};
+      for (const [k, v] of Object.entries(value)) {
+        resolved[k] = this._resolveValue(v, awsResourceDetails, resourceType);
+      }
+      return resolved;
+    }
+
+    // Literal value
+    return value;
+  }
+
+  /**
+   * Resolve !Ref to actual AWS value
+   *
+   * Maps common parameter names and resource references to AWS property values.
+   * Supports:
+   * - Parameter names (VpcCidr, VpcId, etc.)
+   * - Resource logical IDs (FriggVPC, FriggLambdaSecurityGroup, etc.)
+   * - Direct property references (Subnet1, Subnet2, etc.)
+   *
+   * @private
+   * @param {string} refName - Reference name
+   * @param {object} awsResourceDetails - AWS resource state
+   * @param {string} resourceType - AWS resource type
+   * @returns {*} Resolved value
+   */
+  _resolveRef(refName, awsResourceDetails, resourceType) {
+    // Map common parameters to AWS properties
+    const refMap = {
+      VpcCidr: awsResourceDetails.properties?.CidrBlock,
+      VpcId: awsResourceDetails.properties?.VpcId,
+    };
+
+    if (refMap[refName] !== undefined) {
+      return refMap[refName];
+    }
+
+    // First, try direct property lookup
+    // This handles cases like { Ref: 'Subnet1' } where properties.Subnet1 = 'subnet-111'
+    const directValue = awsResourceDetails.properties?.[refName];
+    if (directValue !== undefined) {
+      return directValue;
+    }
+
+    // Check if refName is a resource logical ID that references another resource
+    // In this case, the AWS properties will already have the resolved value
+    // For example: { Ref: 'FriggVPC' } should resolve to VpcId from properties
+    // For example: { Ref: 'FriggLambdaSecurityGroup' } should resolve to GroupId from properties
+    if (refName.includes('VPC') && !refName.includes('Endpoint')) {
+      // VPC resource reference
+      return awsResourceDetails.properties?.VpcId || refName;
+    } else if (refName.includes('Subnet')) {
+      // Subnet resource reference
+      return awsResourceDetails.properties?.SubnetId || refName;
+    } else if (refName.includes('SecurityGroup')) {
+      // Security Group resource reference
+      return awsResourceDetails.properties?.GroupId || refName;
+    }
+
+    // Fallback: return the ref name itself if not found
+    return refName;
+  }
+
+  /**
+   * Resolve !Sub to actual string
+   *
+   * Replaces CloudFormation pseudo parameters and variables
+   * with actual values from AWS resource state.
+   *
+   * Supports:
+   * - ${AWS::StackName}
+   * - Custom variables from tags
+   *
+   * @private
+   * @param {string|object} subValue - Sub expression
+   * @param {object} awsResourceDetails - AWS resource state
+   * @returns {string|object} Resolved value
+   */
+  _resolveSub(subValue, awsResourceDetails) {
+    if (typeof subValue !== 'string') {
+      return subValue;
+    }
+
+    // Replace ${AWS::StackName} with actual stack name
+    let resolved = subValue.replace(
+      /\$\{AWS::StackName\}/g,
+      awsResourceDetails.stackName || ''
+    );
+
+    // Replace other variables if present in tags
+    if (awsResourceDetails.tags) {
+      for (const [key, value] of Object.entries(awsResourceDetails.tags)) {
+        resolved = resolved.replace(new RegExp(`\\$\\{${key}\\}`, 'g'), value);
+      }
+    }
+
+    return resolved;
+  }
+
+  /**
+   * Resolve !GetAtt to actual attribute value
+   *
+   * Gets attribute value from AWS resource properties.
+   * When the attribute refers to a different resource's property
+   * (e.g., FriggVPC.CidrBlock from a Subnet), we need to look at
+   * the actual AWS values in the current resource's properties.
+   *
+   * The AWS resource details from the detector already contain
+   * resolved values. For example, a Subnet may have Tags that
+   * include the VPC's CIDR, or properties that include the VPC ID.
+   *
+   * @private
+   * @param {Array} getAttValue - GetAtt expression [ResourceName, AttributeName]
+   * @param {object} awsResourceDetails - AWS resource state
+   * @returns {*} Attribute value or null
+   */
+  _resolveGetAtt([resourceName, attributeName], awsResourceDetails) {
+    // First try to get directly from properties
+    const directValue = awsResourceDetails.properties?.[attributeName];
+    if (directValue !== undefined && directValue !== null) {
+      // Check if this is the actual value we want
+      // For cross-resource references, we need to be more careful
+      // If resourceName refers to a different resource (e.g., FriggVPC from a Subnet),
+      // the property might not be the right one
+
+      // If getting VPC.CidrBlock, but we have Subnet.CidrBlock,
+      // we need to look elsewhere
+      if (resourceName.includes('VPC') && attributeName === 'CidrBlock') {
+        // Check if this is actually a subnet's CIDR (starts with same first two octets + .X.0/24 pattern)
+        // If so, we need to look at Tags for VpcCidr
+        const tags = awsResourceDetails.properties?.Tags;
+        if (Array.isArray(tags)) {
+          const vpcCidrTag = tags.find(t => t.Key === 'VpcCidr');
+          if (vpcCidrTag) {
+            return vpcCidrTag.Value;
+          }
+        }
+      }
+
+      return directValue;
+    }
+
+    // Check Tags as fallback
+    const tags = awsResourceDetails.properties?.Tags;
+    if (Array.isArray(tags)) {
+      const tag = tags.find(t => t.Key === attributeName || t.Key === `${resourceName}${attributeName}`);
+      if (tag) {
+        return tag.Value;
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Get resource identifier for import operation
+   *
+   * Maps resource type to CloudFormation import identifier format.
+   * Each AWS resource type has a specific identifier property.
+   *
+   * @private
+   * @param {string} resourceType - AWS resource type
+   * @param {string} physicalId - AWS physical resource ID
+   * @returns {object} Resource identifier for import
+   */
+  _getResourceIdentifier(resourceType, physicalId) {
+    const identifierMap = {
+      'AWS::EC2::VPC': { VpcId: physicalId },
+      'AWS::EC2::Subnet': { SubnetId: physicalId },
+      'AWS::EC2::SecurityGroup': { Id: physicalId },
+      'AWS::EC2::InternetGateway': { InternetGatewayId: physicalId },
+      'AWS::EC2::NatGateway': { NatGatewayId: physicalId },
+      'AWS::EC2::RouteTable': { RouteTableId: physicalId },
+      'AWS::EC2::VPCEndpoint': { VpcEndpointId: physicalId },
+    };
+
+    return identifierMap[resourceType] || { Id: physicalId };
+  }
+}
+
+module.exports = { ImportTemplateGenerator };

package/infrastructure/domains/health/domain/services/logical-id-mapper.js

@@ -33,7 +33,9 @@ class LogicalIdMapper {
 
     for (const orphan of orphanedResources) {
       // Strategy 1: Check CloudFormation tags for logical ID
-      const logicalIdFromTag = this._getLogicalIdFromTags(orphan.tags);
+      // Tags are stored in orphan.properties.tags (Resource entity structure)
+      const tags = orphan.properties?.tags || orphan.tags; // Support both formats
+      const logicalIdFromTag = this._getLogicalIdFromTags(tags);
 
       if (logicalIdFromTag) {
         mappings.push({
@@ -116,15 +118,28 @@ class LogicalIdMapper {
 
   /**
    * Extract logical ID from CloudFormation tags
+   * Supports both formats:
+   * - AWS array format: [{Key: 'aws:cloudformation:logical-id', Value: 'FriggVPC'}]
+   * - Parsed object format: {'aws:cloudformation:logical-id': 'FriggVPC'}
    * @private
    */
   _getLogicalIdFromTags(tags) {
-    if (!tags || !Array.isArray(tags)) return null;
+    if (!tags) return null;
+
+    // Handle AWS array format [{Key, Value}]
+    if (Array.isArray(tags)) {
+      const logicalIdTag = tags.find(
+        (t) => t.Key === 'aws:cloudformation:logical-id'
+      );
+      return logicalIdTag ? logicalIdTag.Value : null;
+    }
 
-    const logicalIdTag = tags.find(
-      (t) => t.Key === 'aws:cloudformation:logical-id'
-    );
-    return logicalIdTag ? logicalIdTag.Value : null;
+    // Handle parsed object format {key: value}
+    if (typeof tags === 'object') {
+      return tags['aws:cloudformation:logical-id'] || null;
+    }
+
+    return null;
   }
 
   /**