@friggframework/devtools 2.0.0--canary.474.d64c550.0 → 2.0.0--canary.474.082077e.0

@@ -0,0 +1,471 @@
1
+ /**
2
+ * AWSResourceDetector - AWS Resource Discovery Adapter
3
+ *
4
+ * Infrastructure Adapter - Hexagonal Architecture
5
+ *
6
+ * Implements IResourceDetector port for AWS.
7
+ * Discovers cloud resources using AWS SDK v3 (EC2, RDS, KMS).
8
+ *
9
+ * Supports:
10
+ * - EC2: VPC, Subnet, SecurityGroup, RouteTable
11
+ * - RDS: DBCluster
12
+ * - KMS: Key
13
+ *
14
+ * Lazy-loads AWS SDK to minimize cold start time and memory usage.
15
+ */
16
+
17
+ const IResourceDetector = require('../../application/ports/IResourceDetector');
18
+
19
+ // Lazy-loaded AWS SDK clients
20
+ let EC2Client, DescribeVpcsCommand, DescribeSubnetsCommand, DescribeSecurityGroupsCommand,
21
+ DescribeRouteTablesCommand;
22
+ let RDSClient, DescribeDBClustersCommand;
23
+ let KMSClient, ListKeysCommand, DescribeKeyCommand, ListAliasesCommand;
24
+
25
+ /**
26
+ * Lazy load EC2 SDK
27
+ */
28
+ function loadEC2() {
29
+ if (!EC2Client) {
30
+ const ec2Module = require('@aws-sdk/client-ec2');
31
+ EC2Client = ec2Module.EC2Client;
32
+ DescribeVpcsCommand = ec2Module.DescribeVpcsCommand;
33
+ DescribeSubnetsCommand = ec2Module.DescribeSubnetsCommand;
34
+ DescribeSecurityGroupsCommand = ec2Module.DescribeSecurityGroupsCommand;
35
+ DescribeRouteTablesCommand = ec2Module.DescribeRouteTablesCommand;
36
+ }
37
+ }
38
+
39
+ /**
40
+ * Lazy load RDS SDK
41
+ */
42
+ function loadRDS() {
43
+ if (!RDSClient) {
44
+ const rdsModule = require('@aws-sdk/client-rds');
45
+ RDSClient = rdsModule.RDSClient;
46
+ DescribeDBClustersCommand = rdsModule.DescribeDBClustersCommand;
47
+ }
48
+ }
49
+
50
+ /**
51
+ * Lazy load KMS SDK
52
+ */
53
+ function loadKMS() {
54
+ if (!KMSClient) {
55
+ const kmsModule = require('@aws-sdk/client-kms');
56
+ KMSClient = kmsModule.KMSClient;
57
+ ListKeysCommand = kmsModule.ListKeysCommand;
58
+ DescribeKeyCommand = kmsModule.DescribeKeyCommand;
59
+ ListAliasesCommand = kmsModule.ListAliasesCommand;
60
+ }
61
+ }
62
+
63
+ class AWSResourceDetector extends IResourceDetector {
64
+ /**
65
+ * Supported resource types
66
+ * @private
67
+ */
68
+ static SUPPORTED_TYPES = [
69
+ 'AWS::EC2::VPC',
70
+ 'AWS::EC2::Subnet',
71
+ 'AWS::EC2::SecurityGroup',
72
+ 'AWS::EC2::RouteTable',
73
+ 'AWS::RDS::DBCluster',
74
+ 'AWS::KMS::Key',
75
+ ];
76
+
77
+ /**
78
+ * Create AWS Resource Detector
79
+ *
80
+ * @param {Object} [config={}]
81
+ * @param {string} [config.region] - AWS region (defaults to AWS_REGION env var)
82
+ */
83
+ constructor(config = {}) {
84
+ super();
85
+ this.region = config.region || process.env.AWS_REGION || 'us-east-1';
86
+ this.ec2Client = null;
87
+ this.rdsClient = null;
88
+ this.kmsClient = null;
89
+ }
90
+
91
+ /**
92
+ * Get or create EC2 client
93
+ * @private
94
+ */
95
+ _getEC2Client() {
96
+ if (!this.ec2Client) {
97
+ loadEC2();
98
+ this.ec2Client = new EC2Client({ region: this.region });
99
+ }
100
+ return this.ec2Client;
101
+ }
102
+
103
+ /**
104
+ * Get or create RDS client
105
+ * @private
106
+ */
107
+ _getRDSClient() {
108
+ if (!this.rdsClient) {
109
+ loadRDS();
110
+ this.rdsClient = new RDSClient({ region: this.region });
111
+ }
112
+ return this.rdsClient;
113
+ }
114
+
115
+ /**
116
+ * Get or create KMS client
117
+ * @private
118
+ */
119
+ _getKMSClient() {
120
+ if (!this.kmsClient) {
121
+ loadKMS();
122
+ this.kmsClient = new KMSClient({ region: this.region });
123
+ }
124
+ return this.kmsClient;
125
+ }
126
+
127
+ /**
128
+ * Get list of supported resource types
129
+ */
130
+ async getSupportedResourceTypes() {
131
+ return [...AWSResourceDetector.SUPPORTED_TYPES];
132
+ }
133
+
134
+ /**
135
+ * Detect all resources of a specific type in a region
136
+ */
137
+ async detectResources({ resourceType, region, filters = {} }) {
138
+ if (!AWSResourceDetector.SUPPORTED_TYPES.includes(resourceType)) {
139
+ throw new Error(`Resource type ${resourceType} is not supported`);
140
+ }
141
+
142
+ switch (resourceType) {
143
+ case 'AWS::EC2::VPC':
144
+ return await this._detectVPCs(filters);
145
+ case 'AWS::EC2::Subnet':
146
+ return await this._detectSubnets(filters);
147
+ case 'AWS::EC2::SecurityGroup':
148
+ return await this._detectSecurityGroups(filters);
149
+ case 'AWS::EC2::RouteTable':
150
+ return await this._detectRouteTables(filters);
151
+ case 'AWS::RDS::DBCluster':
152
+ return await this._detectDBClusters(filters);
153
+ case 'AWS::KMS::Key':
154
+ return await this._detectKMSKeys(filters);
155
+ default:
156
+ throw new Error(`Resource type ${resourceType} is not supported`);
157
+ }
158
+ }
159
+
160
+ /**
161
+ * Get details for a specific resource
162
+ */
163
+ async getResourceDetails({ resourceType, physicalId, region }) {
164
+ const resources = await this.detectResources({ resourceType, region });
165
+
166
+ const resource = resources.find((r) => r.physicalId === physicalId);
167
+
168
+ if (!resource) {
169
+ throw new Error(`Resource ${physicalId} not found`);
170
+ }
171
+
172
+ return resource;
173
+ }
174
+
175
+ /**
176
+ * Check if a resource exists
177
+ */
178
+ async resourceExists({ resourceType, physicalId, region }) {
179
+ try {
180
+ await this.getResourceDetails({ resourceType, physicalId, region });
181
+ return true;
182
+ } catch (error) {
183
+ if (error.message?.includes('not found')) {
184
+ return false;
185
+ }
186
+ throw error;
187
+ }
188
+ }
189
+
190
+ /**
191
+ * Detect resources by tags
192
+ */
193
+ async detectResourcesByTags({ tags, region, resourceTypes = [] }) {
194
+ const types = resourceTypes.length > 0 ? resourceTypes : AWSResourceDetector.SUPPORTED_TYPES;
195
+
196
+ const allResources = [];
197
+
198
+ for (const resourceType of types) {
199
+ const resources = await this.detectResources({
200
+ resourceType,
201
+ region,
202
+ filters: { tags },
203
+ });
204
+
205
+ allResources.push(...resources);
206
+ }
207
+
208
+ return allResources;
209
+ }
210
+
211
+ /**
212
+ * Find orphaned resources (exist in cloud but not in any stack)
213
+ */
214
+ async findOrphanedResources({ region, resourceTypes = [], excludePhysicalIds = [] }) {
215
+ const types = resourceTypes.length > 0 ? resourceTypes : AWSResourceDetector.SUPPORTED_TYPES;
216
+
217
+ const orphans = [];
218
+
219
+ for (const resourceType of types) {
220
+ const resources = await this.detectResources({ resourceType, region });
221
+
222
+ for (const resource of resources) {
223
+ // Exclude specified physical IDs
224
+ if (excludePhysicalIds.includes(resource.physicalId)) {
225
+ continue;
226
+ }
227
+
228
+ // Mark as orphaned (in real implementation, would check CloudFormation stacks)
229
+ orphans.push({
230
+ ...resource,
231
+ isOrphaned: true,
232
+ reason: `Resource ${resource.physicalId} exists in cloud but is not managed by CloudFormation`,
233
+ });
234
+ }
235
+ }
236
+
237
+ return orphans;
238
+ }
239
+
240
+ // ========================================
241
+ // Private Resource Detection Methods
242
+ // ========================================
243
+
244
+ /**
245
+ * Detect VPCs
246
+ * @private
247
+ */
248
+ async _detectVPCs(filters) {
249
+ const client = this._getEC2Client();
250
+
251
+ const command = new DescribeVpcsCommand({});
252
+ const response = await client.send(command);
253
+
254
+ const vpcs = response.Vpcs || [];
255
+
256
+ return vpcs
257
+ .filter((vpc) => this._matchesTagFilter(vpc.Tags, filters.tags))
258
+ .map((vpc) => ({
259
+ physicalId: vpc.VpcId,
260
+ resourceType: 'AWS::EC2::VPC',
261
+ properties: {
262
+ VpcId: vpc.VpcId,
263
+ CidrBlock: vpc.CidrBlock,
264
+ State: vpc.State,
265
+ EnableDnsHostnames: vpc.EnableDnsHostnames,
266
+ EnableDnsSupport: vpc.EnableDnsSupport,
267
+ },
268
+ tags: this._parseTags(vpc.Tags),
269
+ createdTime: new Date(), // VPCs don't have creation time in API
270
+ }));
271
+ }
272
+
273
+ /**
274
+ * Detect Subnets
275
+ * @private
276
+ */
277
+ async _detectSubnets(filters) {
278
+ const client = this._getEC2Client();
279
+
280
+ const command = new DescribeSubnetsCommand({});
281
+ const response = await client.send(command);
282
+
283
+ const subnets = response.Subnets || [];
284
+
285
+ return subnets
286
+ .filter((subnet) => this._matchesTagFilter(subnet.Tags, filters.tags))
287
+ .map((subnet) => ({
288
+ physicalId: subnet.SubnetId,
289
+ resourceType: 'AWS::EC2::Subnet',
290
+ properties: {
291
+ SubnetId: subnet.SubnetId,
292
+ VpcId: subnet.VpcId,
293
+ CidrBlock: subnet.CidrBlock,
294
+ AvailabilityZone: subnet.AvailabilityZone,
295
+ State: subnet.State,
296
+ },
297
+ tags: this._parseTags(subnet.Tags),
298
+ createdTime: new Date(),
299
+ }));
300
+ }
301
+
302
+ /**
303
+ * Detect SecurityGroups
304
+ * @private
305
+ */
306
+ async _detectSecurityGroups(filters) {
307
+ const client = this._getEC2Client();
308
+
309
+ const command = new DescribeSecurityGroupsCommand({});
310
+ const response = await client.send(command);
311
+
312
+ const securityGroups = response.SecurityGroups || [];
313
+
314
+ return securityGroups
315
+ .filter((sg) => this._matchesTagFilter(sg.Tags, filters.tags))
316
+ .map((sg) => ({
317
+ physicalId: sg.GroupId,
318
+ resourceType: 'AWS::EC2::SecurityGroup',
319
+ properties: {
320
+ GroupId: sg.GroupId,
321
+ GroupName: sg.GroupName,
322
+ Description: sg.Description,
323
+ VpcId: sg.VpcId,
324
+ },
325
+ tags: this._parseTags(sg.Tags),
326
+ createdTime: new Date(),
327
+ }));
328
+ }
329
+
330
+ /**
331
+ * Detect RouteTables
332
+ * @private
333
+ */
334
+ async _detectRouteTables(filters) {
335
+ const client = this._getEC2Client();
336
+
337
+ const command = new DescribeRouteTablesCommand({});
338
+ const response = await client.send(command);
339
+
340
+ const routeTables = response.RouteTables || [];
341
+
342
+ return routeTables
343
+ .filter((rt) => this._matchesTagFilter(rt.Tags, filters.tags))
344
+ .map((rt) => ({
345
+ physicalId: rt.RouteTableId,
346
+ resourceType: 'AWS::EC2::RouteTable',
347
+ properties: {
348
+ RouteTableId: rt.RouteTableId,
349
+ VpcId: rt.VpcId,
350
+ Routes: rt.Routes,
351
+ Associations: rt.Associations,
352
+ },
353
+ tags: this._parseTags(rt.Tags),
354
+ createdTime: new Date(),
355
+ }));
356
+ }
357
+
358
+ /**
359
+ * Detect RDS DBClusters
360
+ * @private
361
+ */
362
+ async _detectDBClusters(filters) {
363
+ const client = this._getRDSClient();
364
+
365
+ const command = new DescribeDBClustersCommand({});
366
+ const response = await client.send(command);
367
+
368
+ const dbClusters = response.DBClusters || [];
369
+
370
+ return dbClusters
371
+ .filter((cluster) => this._matchesTagFilter(cluster.TagList, filters.tags))
372
+ .map((cluster) => ({
373
+ physicalId: cluster.DBClusterIdentifier,
374
+ resourceType: 'AWS::RDS::DBCluster',
375
+ properties: {
376
+ DBClusterIdentifier: cluster.DBClusterIdentifier,
377
+ DBClusterArn: cluster.DBClusterArn,
378
+ Engine: cluster.Engine,
379
+ EngineVersion: cluster.EngineVersion,
380
+ Status: cluster.Status,
381
+ },
382
+ tags: this._parseTags(cluster.TagList),
383
+ createdTime: cluster.ClusterCreateTime,
384
+ }));
385
+ }
386
+
387
+ /**
388
+ * Detect KMS Keys
389
+ * @private
390
+ */
391
+ async _detectKMSKeys(filters) {
392
+ const client = this._getKMSClient();
393
+
394
+ // List all keys
395
+ const listCommand = new ListKeysCommand({});
396
+ const listResponse = await client.send(listCommand);
397
+
398
+ const keys = listResponse.Keys || [];
399
+ const resources = [];
400
+
401
+ // Get details for each key
402
+ for (const key of keys) {
403
+ const describeCommand = new DescribeKeyCommand({ KeyId: key.KeyId });
404
+ const describeResponse = await client.send(describeCommand);
405
+ const keyMetadata = describeResponse.KeyMetadata;
406
+
407
+ // Get aliases for this key
408
+ const aliasCommand = new ListAliasesCommand({ KeyId: key.KeyId });
409
+ const aliasResponse = await client.send(aliasCommand);
410
+
411
+ resources.push({
412
+ physicalId: keyMetadata.KeyId,
413
+ resourceType: 'AWS::KMS::Key',
414
+ properties: {
415
+ KeyId: keyMetadata.KeyId,
416
+ Arn: keyMetadata.Arn,
417
+ Enabled: keyMetadata.Enabled,
418
+ KeyState: keyMetadata.KeyState,
419
+ KeyManager: keyMetadata.KeyManager,
420
+ },
421
+ tags: {}, // KMS uses separate tagging API
422
+ createdTime: keyMetadata.CreationDate,
423
+ });
424
+ }
425
+
426
+ return resources;
427
+ }
428
+
429
+ // ========================================
430
+ // Private Helper Methods
431
+ // ========================================
432
+
433
+ /**
434
+ * Parse AWS tags to key-value object
435
+ * @private
436
+ */
437
+ _parseTags(tags) {
438
+ if (!tags || tags.length === 0) {
439
+ return {};
440
+ }
441
+
442
+ const result = {};
443
+ for (const tag of tags) {
444
+ result[tag.Key] = tag.Value;
445
+ }
446
+ return result;
447
+ }
448
+
449
+ /**
450
+ * Check if resource tags match filter
451
+ * @private
452
+ */
453
+ _matchesTagFilter(resourceTags, filterTags) {
454
+ if (!filterTags || Object.keys(filterTags).length === 0) {
455
+ return true; // No filter, match all
456
+ }
457
+
458
+ const tags = this._parseTags(resourceTags);
459
+
460
+ // Check if all filter tags match
461
+ for (const [key, value] of Object.entries(filterTags)) {
462
+ if (tags[key] !== value) {
463
+ return false;
464
+ }
465
+ }
466
+
467
+ return true;
468
+ }
469
+ }
470
+
471
+ module.exports = AWSResourceDetector;
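Review bot: `findOrphanedResources` marks every discovered resource as orphaned without checking stack membership. The only exclusion is the caller-supplied `excludePhysicalIds`, yet each result carries `isOrphaned: true` and a reason asserting it "is not managed by CloudFormation", while the inline comment concedes the check is not implemented. With an empty exclusion list this would flag every VPC, security group and KMS key in the account, including AWS-managed keys, so any report or cleanup built on the result acts on an unverified claim. Until the stack lookup exists, the result should say only what was verified, e.g. `isOrphaned: null,` with `reason: 'not in excludePhysicalIds; stack membership not checked',`, and keys whose `KeyManager` is `'AWS'` should be skipped. Separately, `region` is passed to `detectResources` but never used, since every client is built from `this.region`, and each Describe/List call is sent once with no NextToken/Marker handling, so a scan can silently cover the wrong region or return a partial inventory.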