@friggframework/devtools 2.0.0--canary.474.efd7936.0 → 2.0.0--canary.474.082077e.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/infrastructure/domains/health/infrastructure/adapters/aws-resource-detector.js +471 -0
  2. package/infrastructure/domains/health/infrastructure/adapters/aws-resource-detector.test.js +497 -0
  3. package/package.json +6 -6
package/infrastructure/domains/health/infrastructure/adapters/aws-resource-detector.js ADDED
@@ -0,0 +1,471 @@
1
+ /**
2
+ * AWSResourceDetector - AWS Resource Discovery Adapter
3
+ *
4
+ * Infrastructure Adapter - Hexagonal Architecture
5
+ *
6
+ * Implements IResourceDetector port for AWS.
7
+ * Discovers cloud resources using AWS SDK v3 (EC2, RDS, KMS).
8
+ *
9
+ * Supports:
10
+ * - EC2: VPC, Subnet, SecurityGroup, RouteTable
11
+ * - RDS: DBCluster
12
+ * - KMS: Key
13
+ *
14
+ * Lazy-loads AWS SDK to minimize cold start time and memory usage.
15
+ */
16
+
17
+ const IResourceDetector = require('../../application/ports/IResourceDetector');
18
+
19
+ // Lazy-loaded AWS SDK clients
20
+ let EC2Client, DescribeVpcsCommand, DescribeSubnetsCommand, DescribeSecurityGroupsCommand,
21
+ DescribeRouteTablesCommand;
22
+ let RDSClient, DescribeDBClustersCommand;
23
+ let KMSClient, ListKeysCommand, DescribeKeyCommand, ListAliasesCommand;
24
+
25
+ /**
26
+ * Lazy load EC2 SDK
27
+ */
28
+ function loadEC2() {
29
+ if (!EC2Client) {
30
+ const ec2Module = require('@aws-sdk/client-ec2');
31
+ EC2Client = ec2Module.EC2Client;
32
+ DescribeVpcsCommand = ec2Module.DescribeVpcsCommand;
33
+ DescribeSubnetsCommand = ec2Module.DescribeSubnetsCommand;
34
+ DescribeSecurityGroupsCommand = ec2Module.DescribeSecurityGroupsCommand;
35
+ DescribeRouteTablesCommand = ec2Module.DescribeRouteTablesCommand;
36
+ }
37
+ }
38
+
39
+ /**
40
+ * Lazy load RDS SDK
41
+ */
42
+ function loadRDS() {
43
+ if (!RDSClient) {
44
+ const rdsModule = require('@aws-sdk/client-rds');
45
+ RDSClient = rdsModule.RDSClient;
46
+ DescribeDBClustersCommand = rdsModule.DescribeDBClustersCommand;
47
+ }
48
+ }
49
+
50
+ /**
51
+ * Lazy load KMS SDK
52
+ */
53
+ function loadKMS() {
54
+ if (!KMSClient) {
55
+ const kmsModule = require('@aws-sdk/client-kms');
56
+ KMSClient = kmsModule.KMSClient;
57
+ ListKeysCommand = kmsModule.ListKeysCommand;
58
+ DescribeKeyCommand = kmsModule.DescribeKeyCommand;
59
+ ListAliasesCommand = kmsModule.ListAliasesCommand;
60
+ }
61
+ }
62
+
63
+ class AWSResourceDetector extends IResourceDetector {
64
+ /**
65
+ * Supported resource types
66
+ * @private
67
+ */
68
+ static SUPPORTED_TYPES = [
69
+ 'AWS::EC2::VPC',
70
+ 'AWS::EC2::Subnet',
71
+ 'AWS::EC2::SecurityGroup',
72
+ 'AWS::EC2::RouteTable',
73
+ 'AWS::RDS::DBCluster',
74
+ 'AWS::KMS::Key',
75
+ ];
76
+
77
+ /**
78
+ * Create AWS Resource Detector
79
+ *
80
+ * @param {Object} [config={}]
81
+ * @param {string} [config.region] - AWS region (defaults to AWS_REGION env var)
82
+ */
83
+ constructor(config = {}) {
84
+ super();
85
+ this.region = config.region || process.env.AWS_REGION || 'us-east-1';
86
+ this.ec2Client = null;
87
+ this.rdsClient = null;
88
+ this.kmsClient = null;
89
+ }
90
+
91
+ /**
92
+ * Get or create EC2 client
93
+ * @private
94
+ */
95
+ _getEC2Client() {
96
+ if (!this.ec2Client) {
97
+ loadEC2();
98
+ this.ec2Client = new EC2Client({ region: this.region });
99
+ }
100
+ return this.ec2Client;
101
+ }
102
+
103
+ /**
104
+ * Get or create RDS client
105
+ * @private
106
+ */
107
+ _getRDSClient() {
108
+ if (!this.rdsClient) {
109
+ loadRDS();
110
+ this.rdsClient = new RDSClient({ region: this.region });
111
+ }
112
+ return this.rdsClient;
113
+ }
114
+
115
+ /**
116
+ * Get or create KMS client
117
+ * @private
118
+ */
119
+ _getKMSClient() {
120
+ if (!this.kmsClient) {
121
+ loadKMS();
122
+ this.kmsClient = new KMSClient({ region: this.region });
123
+ }
124
+ return this.kmsClient;
125
+ }
126
+
127
+ /**
128
+ * Get list of supported resource types
129
+ */
130
+ async getSupportedResourceTypes() {
131
+ return [...AWSResourceDetector.SUPPORTED_TYPES];
132
+ }
133
+
134
+ /**
135
+ * Detect all resources of a specific type in a region
136
+ */
137
+ async detectResources({ resourceType, region, filters = {} }) {
138
+ if (!AWSResourceDetector.SUPPORTED_TYPES.includes(resourceType)) {
139
+ throw new Error(`Resource type ${resourceType} is not supported`);
140
+ }
141
+
142
+ switch (resourceType) {
143
+ case 'AWS::EC2::VPC':
144
+ return await this._detectVPCs(filters);
145
+ case 'AWS::EC2::Subnet':
146
+ return await this._detectSubnets(filters);
147
+ case 'AWS::EC2::SecurityGroup':
148
+ return await this._detectSecurityGroups(filters);
149
+ case 'AWS::EC2::RouteTable':
150
+ return await this._detectRouteTables(filters);
151
+ case 'AWS::RDS::DBCluster':
152
+ return await this._detectDBClusters(filters);
153
+ case 'AWS::KMS::Key':
154
+ return await this._detectKMSKeys(filters);
155
+ default:
156
+ throw new Error(`Resource type ${resourceType} is not supported`);
157
+ }
158
+ }
159
+
160
+ /**
161
+ * Get details for a specific resource
162
+ */
163
+ async getResourceDetails({ resourceType, physicalId, region }) {
164
+ const resources = await this.detectResources({ resourceType, region });
165
+
166
+ const resource = resources.find((r) => r.physicalId === physicalId);
167
+
168
+ if (!resource) {
169
+ throw new Error(`Resource ${physicalId} not found`);
170
+ }
171
+
172
+ return resource;
173
+ }
174
+
175
+ /**
176
+ * Check if a resource exists
177
+ */
178
+ async resourceExists({ resourceType, physicalId, region }) {
179
+ try {
180
+ await this.getResourceDetails({ resourceType, physicalId, region });
181
+ return true;
182
+ } catch (error) {
183
+ if (error.message?.includes('not found')) {
184
+ return false;
185
+ }
186
+ throw error;
187
+ }
188
+ }
189
+
190
+ /**
191
+ * Detect resources by tags
192
+ */
193
+ async detectResourcesByTags({ tags, region, resourceTypes = [] }) {
194
+ const types = resourceTypes.length > 0 ? resourceTypes : AWSResourceDetector.SUPPORTED_TYPES;
195
+
196
+ const allResources = [];
197
+
198
+ for (const resourceType of types) {
199
+ const resources = await this.detectResources({
200
+ resourceType,
201
+ region,
202
+ filters: { tags },
203
+ });
204
+
205
+ allResources.push(...resources);
206
+ }
207
+
208
+ return allResources;
209
+ }
210
+
211
+ /**
212
+ * Find orphaned resources (exist in cloud but not in any stack)
213
+ */
214
+ async findOrphanedResources({ region, resourceTypes = [], excludePhysicalIds = [] }) {
215
+ const types = resourceTypes.length > 0 ? resourceTypes : AWSResourceDetector.SUPPORTED_TYPES;
216
+
217
+ const orphans = [];
218
+
219
+ for (const resourceType of types) {
220
+ const resources = await this.detectResources({ resourceType, region });
221
+
222
+ for (const resource of resources) {
223
+ // Exclude specified physical IDs
224
+ if (excludePhysicalIds.includes(resource.physicalId)) {
225
+ continue;
226
+ }
227
+
228
+ // Mark as orphaned (in real implementation, would check CloudFormation stacks)
229
+ orphans.push({
230
+ ...resource,
231
+ isOrphaned: true,
232
+ reason: `Resource ${resource.physicalId} exists in cloud but is not managed by CloudFormation`,
233
+ });
234
+ }
235
+ }
236
+
237
+ return orphans;
238
+ }
239
+
240
+ // ========================================
241
+ // Private Resource Detection Methods
242
+ // ========================================
243
+
244
+ /**
245
+ * Detect VPCs
246
+ * @private
247
+ */
248
+ async _detectVPCs(filters) {
249
+ const client = this._getEC2Client();
250
+
251
+ const command = new DescribeVpcsCommand({});
252
+ const response = await client.send(command);
253
+
254
+ const vpcs = response.Vpcs || [];
255
+
256
+ return vpcs
257
+ .filter((vpc) => this._matchesTagFilter(vpc.Tags, filters.tags))
258
+ .map((vpc) => ({
259
+ physicalId: vpc.VpcId,
260
+ resourceType: 'AWS::EC2::VPC',
261
+ properties: {
262
+ VpcId: vpc.VpcId,
263
+ CidrBlock: vpc.CidrBlock,
264
+ State: vpc.State,
265
+ EnableDnsHostnames: vpc.EnableDnsHostnames,
266
+ EnableDnsSupport: vpc.EnableDnsSupport,
267
+ },
268
+ tags: this._parseTags(vpc.Tags),
269
+ createdTime: new Date(), // VPCs don't have creation time in API
270
+ }));
271
+ }
272
+
273
+ /**
274
+ * Detect Subnets
275
+ * @private
276
+ */
277
+ async _detectSubnets(filters) {
278
+ const client = this._getEC2Client();
279
+
280
+ const command = new DescribeSubnetsCommand({});
281
+ const response = await client.send(command);
282
+
283
+ const subnets = response.Subnets || [];
284
+
285
+ return subnets
286
+ .filter((subnet) => this._matchesTagFilter(subnet.Tags, filters.tags))
287
+ .map((subnet) => ({
288
+ physicalId: subnet.SubnetId,
289
+ resourceType: 'AWS::EC2::Subnet',
290
+ properties: {
291
+ SubnetId: subnet.SubnetId,
292
+ VpcId: subnet.VpcId,
293
+ CidrBlock: subnet.CidrBlock,
294
+ AvailabilityZone: subnet.AvailabilityZone,
295
+ State: subnet.State,
296
+ },
297
+ tags: this._parseTags(subnet.Tags),
298
+ createdTime: new Date(),
299
+ }));
300
+ }
301
+
302
+ /**
303
+ * Detect SecurityGroups
304
+ * @private
305
+ */
306
+ async _detectSecurityGroups(filters) {
307
+ const client = this._getEC2Client();
308
+
309
+ const command = new DescribeSecurityGroupsCommand({});
310
+ const response = await client.send(command);
311
+
312
+ const securityGroups = response.SecurityGroups || [];
313
+
314
+ return securityGroups
315
+ .filter((sg) => this._matchesTagFilter(sg.Tags, filters.tags))
316
+ .map((sg) => ({
317
+ physicalId: sg.GroupId,
318
+ resourceType: 'AWS::EC2::SecurityGroup',
319
+ properties: {
320
+ GroupId: sg.GroupId,
321
+ GroupName: sg.GroupName,
322
+ Description: sg.Description,
323
+ VpcId: sg.VpcId,
324
+ },
325
+ tags: this._parseTags(sg.Tags),
326
+ createdTime: new Date(),
327
+ }));
328
+ }
329
+
330
+ /**
331
+ * Detect RouteTables
332
+ * @private
333
+ */
334
+ async _detectRouteTables(filters) {
335
+ const client = this._getEC2Client();
336
+
337
+ const command = new DescribeRouteTablesCommand({});
338
+ const response = await client.send(command);
339
+
340
+ const routeTables = response.RouteTables || [];
341
+
342
+ return routeTables
343
+ .filter((rt) => this._matchesTagFilter(rt.Tags, filters.tags))
344
+ .map((rt) => ({
345
+ physicalId: rt.RouteTableId,
346
+ resourceType: 'AWS::EC2::RouteTable',
347
+ properties: {
348
+ RouteTableId: rt.RouteTableId,
349
+ VpcId: rt.VpcId,
350
+ Routes: rt.Routes,
351
+ Associations: rt.Associations,
352
+ },
353
+ tags: this._parseTags(rt.Tags),
354
+ createdTime: new Date(),
355
+ }));
356
+ }
357
+
358
+ /**
359
+ * Detect RDS DBClusters
360
+ * @private
361
+ */
362
+ async _detectDBClusters(filters) {
363
+ const client = this._getRDSClient();
364
+
365
+ const command = new DescribeDBClustersCommand({});
366
+ const response = await client.send(command);
367
+
368
+ const dbClusters = response.DBClusters || [];
369
+
370
+ return dbClusters
371
+ .filter((cluster) => this._matchesTagFilter(cluster.TagList, filters.tags))
372
+ .map((cluster) => ({
373
+ physicalId: cluster.DBClusterIdentifier,
374
+ resourceType: 'AWS::RDS::DBCluster',
375
+ properties: {
376
+ DBClusterIdentifier: cluster.DBClusterIdentifier,
377
+ DBClusterArn: cluster.DBClusterArn,
378
+ Engine: cluster.Engine,
379
+ EngineVersion: cluster.EngineVersion,
380
+ Status: cluster.Status,
381
+ },
382
+ tags: this._parseTags(cluster.TagList),
383
+ createdTime: cluster.ClusterCreateTime,
384
+ }));
385
+ }
386
+
387
+ /**
388
+ * Detect KMS Keys
389
+ * @private
390
+ */
391
+ async _detectKMSKeys(filters) {
392
+ const client = this._getKMSClient();
393
+
394
+ // List all keys
395
+ const listCommand = new ListKeysCommand({});
396
+ const listResponse = await client.send(listCommand);
397
+
398
+ const keys = listResponse.Keys || [];
399
+ const resources = [];
400
+
401
+ // Get details for each key
402
+ for (const key of keys) {
403
+ const describeCommand = new DescribeKeyCommand({ KeyId: key.KeyId });
404
+ const describeResponse = await client.send(describeCommand);
405
+ const keyMetadata = describeResponse.KeyMetadata;
406
+
407
+ // Get aliases for this key
408
+ const aliasCommand = new ListAliasesCommand({ KeyId: key.KeyId });
409
+ const aliasResponse = await client.send(aliasCommand);
410
+
411
+ resources.push({
412
+ physicalId: keyMetadata.KeyId,
413
+ resourceType: 'AWS::KMS::Key',
414
+ properties: {
415
+ KeyId: keyMetadata.KeyId,
416
+ Arn: keyMetadata.Arn,
417
+ Enabled: keyMetadata.Enabled,
418
+ KeyState: keyMetadata.KeyState,
419
+ KeyManager: keyMetadata.KeyManager,
420
+ },
421
+ tags: {}, // KMS uses separate tagging API
422
+ createdTime: keyMetadata.CreationDate,
423
+ });
424
+ }
425
+
426
+ return resources;
427
+ }
428
+
429
+ // ========================================
430
+ // Private Helper Methods
431
+ // ========================================
432
+
433
+ /**
434
+ * Parse AWS tags to key-value object
435
+ * @private
436
+ */
437
+ _parseTags(tags) {
438
+ if (!tags || tags.length === 0) {
439
+ return {};
440
+ }
441
+
442
+ const result = {};
443
+ for (const tag of tags) {
444
+ result[tag.Key] = tag.Value;
445
+ }
446
+ return result;
447
+ }
448
+
449
+ /**
450
+ * Check if resource tags match filter
451
+ * @private
452
+ */
453
+ _matchesTagFilter(resourceTags, filterTags) {
454
+ if (!filterTags || Object.keys(filterTags).length === 0) {
455
+ return true; // No filter, match all
456
+ }
457
+
458
+ const tags = this._parseTags(resourceTags);
459
+
460
+ // Check if all filter tags match
461
+ for (const [key, value] of Object.entries(filterTags)) {
462
+ if (tags[key] !== value) {
463
+ return false;
464
+ }
465
+ }
466
+
467
+ return true;
468
+ }
469
+ }
470
+
471
+ module.exports = AWSResourceDetector;
package/infrastructure/domains/health/infrastructure/adapters/aws-resource-detector.test.js ADDED
@@ -0,0 +1,497 @@
1
+ /**
2
+ * Tests for AWSResourceDetector Adapter
3
+ *
4
+ * Tests AWS resource discovery for EC2, RDS, and KMS resources
5
+ */
6
+
7
+ const AWSResourceDetector = require('./aws-resource-detector');
8
+
9
+ // Mock AWS SDK
10
+ jest.mock('@aws-sdk/client-ec2', () => ({
11
+ EC2Client: jest.fn(),
12
+ DescribeVpcsCommand: jest.fn(),
13
+ DescribeSubnetsCommand: jest.fn(),
14
+ DescribeSecurityGroupsCommand: jest.fn(),
15
+ DescribeRouteTablesCommand: jest.fn(),
16
+ }));
17
+
18
+ jest.mock('@aws-sdk/client-rds', () => ({
19
+ RDSClient: jest.fn(),
20
+ DescribeDBClustersCommand: jest.fn(),
21
+ }));
22
+
23
+ jest.mock('@aws-sdk/client-kms', () => ({
24
+ KMSClient: jest.fn(),
25
+ ListKeysCommand: jest.fn(),
26
+ DescribeKeyCommand: jest.fn(),
27
+ ListAliasesCommand: jest.fn(),
28
+ }));
29
+
30
+ describe('AWSResourceDetector', () => {
31
+ let detector;
32
+ let mockEC2Send;
33
+ let mockRDSSend;
34
+ let mockKMSSend;
35
+
36
+ beforeEach(() => {
37
+ jest.clearAllMocks();
38
+
39
+ // Mock EC2 client
40
+ mockEC2Send = jest.fn();
41
+ const { EC2Client } = require('@aws-sdk/client-ec2');
42
+ EC2Client.mockImplementation(() => ({ send: mockEC2Send }));
43
+
44
+ // Mock RDS client
45
+ mockRDSSend = jest.fn();
46
+ const { RDSClient } = require('@aws-sdk/client-rds');
47
+ RDSClient.mockImplementation(() => ({ send: mockRDSSend }));
48
+
49
+ // Mock KMS client
50
+ mockKMSSend = jest.fn();
51
+ const { KMSClient } = require('@aws-sdk/client-kms');
52
+ KMSClient.mockImplementation(() => ({ send: mockKMSSend }));
53
+
54
+ detector = new AWSResourceDetector({ region: 'us-east-1' });
55
+ });
56
+
57
+ describe('getSupportedResourceTypes', () => {
58
+ it('should return list of supported resource types', async () => {
59
+ const types = await detector.getSupportedResourceTypes();
60
+
61
+ expect(types).toContain('AWS::EC2::VPC');
62
+ expect(types).toContain('AWS::EC2::Subnet');
63
+ expect(types).toContain('AWS::EC2::SecurityGroup');
64
+ expect(types).toContain('AWS::EC2::RouteTable');
65
+ expect(types).toContain('AWS::RDS::DBCluster');
66
+ expect(types).toContain('AWS::KMS::Key');
67
+ expect(types).toHaveLength(6);
68
+ });
69
+ });
70
+
71
+ describe('detectResources - VPC', () => {
72
+ it('should detect VPCs', async () => {
73
+ mockEC2Send.mockResolvedValue({
74
+ Vpcs: [
75
+ {
76
+ VpcId: 'vpc-123',
77
+ CidrBlock: '10.0.0.0/16',
78
+ State: 'available',
79
+ Tags: [{ Key: 'Name', Value: 'Main VPC' }],
80
+ },
81
+ {
82
+ VpcId: 'vpc-456',
83
+ CidrBlock: '10.1.0.0/16',
84
+ State: 'available',
85
+ Tags: [],
86
+ },
87
+ ],
88
+ });
89
+
90
+ const resources = await detector.detectResources({
91
+ resourceType: 'AWS::EC2::VPC',
92
+ region: 'us-east-1',
93
+ });
94
+
95
+ expect(resources).toHaveLength(2);
96
+ expect(resources[0]).toEqual({
97
+ physicalId: 'vpc-123',
98
+ resourceType: 'AWS::EC2::VPC',
99
+ properties: {
100
+ VpcId: 'vpc-123',
101
+ CidrBlock: '10.0.0.0/16',
102
+ State: 'available',
103
+ },
104
+ tags: { Name: 'Main VPC' },
105
+ createdTime: expect.any(Date),
106
+ });
107
+ });
108
+
109
+ it('should filter VPCs by tags', async () => {
110
+ mockEC2Send.mockResolvedValue({
111
+ Vpcs: [
112
+ {
113
+ VpcId: 'vpc-123',
114
+ CidrBlock: '10.0.0.0/16',
115
+ State: 'available',
116
+ Tags: [{ Key: 'Environment', Value: 'production' }],
117
+ },
118
+ ],
119
+ });
120
+
121
+ const resources = await detector.detectResources({
122
+ resourceType: 'AWS::EC2::VPC',
123
+ region: 'us-east-1',
124
+ filters: { tags: { Environment: 'production' } },
125
+ });
126
+
127
+ expect(resources).toHaveLength(1);
128
+ expect(resources[0].tags).toEqual({ Environment: 'production' });
129
+ });
130
+ });
131
+
132
+ describe('detectResources - Subnet', () => {
133
+ it('should detect Subnets', async () => {
134
+ mockEC2Send.mockResolvedValue({
135
+ Subnets: [
136
+ {
137
+ SubnetId: 'subnet-123',
138
+ VpcId: 'vpc-123',
139
+ CidrBlock: '10.0.1.0/24',
140
+ AvailabilityZone: 'us-east-1a',
141
+ State: 'available',
142
+ Tags: [{ Key: 'Name', Value: 'Private Subnet' }],
143
+ },
144
+ ],
145
+ });
146
+
147
+ const resources = await detector.detectResources({
148
+ resourceType: 'AWS::EC2::Subnet',
149
+ region: 'us-east-1',
150
+ });
151
+
152
+ expect(resources).toHaveLength(1);
153
+ expect(resources[0].physicalId).toBe('subnet-123');
154
+ expect(resources[0].properties.VpcId).toBe('vpc-123');
155
+ });
156
+ });
157
+
158
+ describe('detectResources - SecurityGroup', () => {
159
+ it('should detect SecurityGroups', async () => {
160
+ mockEC2Send.mockResolvedValue({
161
+ SecurityGroups: [
162
+ {
163
+ GroupId: 'sg-123',
164
+ GroupName: 'default',
165
+ Description: 'Default security group',
166
+ VpcId: 'vpc-123',
167
+ Tags: [],
168
+ },
169
+ ],
170
+ });
171
+
172
+ const resources = await detector.detectResources({
173
+ resourceType: 'AWS::EC2::SecurityGroup',
174
+ region: 'us-east-1',
175
+ });
176
+
177
+ expect(resources).toHaveLength(1);
178
+ expect(resources[0].physicalId).toBe('sg-123');
179
+ });
180
+ });
181
+
182
+ describe('detectResources - RouteTable', () => {
183
+ it('should detect RouteTables', async () => {
184
+ mockEC2Send.mockResolvedValue({
185
+ RouteTables: [
186
+ {
187
+ RouteTableId: 'rtb-123',
188
+ VpcId: 'vpc-123',
189
+ Routes: [],
190
+ Associations: [],
191
+ Tags: [{ Key: 'Name', Value: 'Main Route Table' }],
192
+ },
193
+ ],
194
+ });
195
+
196
+ const resources = await detector.detectResources({
197
+ resourceType: 'AWS::EC2::RouteTable',
198
+ region: 'us-east-1',
199
+ });
200
+
201
+ expect(resources).toHaveLength(1);
202
+ expect(resources[0].physicalId).toBe('rtb-123');
203
+ });
204
+ });
205
+
206
+ describe('detectResources - RDS DBCluster', () => {
207
+ it('should detect RDS DBClusters', async () => {
208
+ mockRDSSend.mockResolvedValue({
209
+ DBClusters: [
210
+ {
211
+ DBClusterIdentifier: 'my-aurora-cluster',
212
+ DBClusterArn: 'arn:aws:rds:us-east-1:123456789012:cluster:my-aurora-cluster',
213
+ Engine: 'aurora-postgresql',
214
+ EngineVersion: '13.7',
215
+ Status: 'available',
216
+ ClusterCreateTime: new Date('2024-01-01T00:00:00Z'),
217
+ TagList: [{ Key: 'Environment', Value: 'production' }],
218
+ },
219
+ ],
220
+ });
221
+
222
+ const resources = await detector.detectResources({
223
+ resourceType: 'AWS::RDS::DBCluster',
224
+ region: 'us-east-1',
225
+ });
226
+
227
+ expect(resources).toHaveLength(1);
228
+ expect(resources[0]).toEqual({
229
+ physicalId: 'my-aurora-cluster',
230
+ resourceType: 'AWS::RDS::DBCluster',
231
+ properties: {
232
+ DBClusterIdentifier: 'my-aurora-cluster',
233
+ DBClusterArn: 'arn:aws:rds:us-east-1:123456789012:cluster:my-aurora-cluster',
234
+ Engine: 'aurora-postgresql',
235
+ EngineVersion: '13.7',
236
+ Status: 'available',
237
+ },
238
+ tags: { Environment: 'production' },
239
+ createdTime: new Date('2024-01-01T00:00:00Z'),
240
+ });
241
+ });
242
+ });
243
+
244
+ describe('detectResources - KMS Key', () => {
245
+ it('should detect KMS Keys', async () => {
246
+ // First call: ListKeys
247
+ mockKMSSend.mockResolvedValueOnce({
248
+ Keys: [
249
+ { KeyId: 'key-123', KeyArn: 'arn:aws:kms:us-east-1:123456789012:key/key-123' },
250
+ ],
251
+ });
252
+
253
+ // Second call: DescribeKey for key-123
254
+ mockKMSSend.mockResolvedValueOnce({
255
+ KeyMetadata: {
256
+ KeyId: 'key-123',
257
+ Arn: 'arn:aws:kms:us-east-1:123456789012:key/key-123',
258
+ CreationDate: new Date('2024-01-01T00:00:00Z'),
259
+ Enabled: true,
260
+ KeyState: 'Enabled',
261
+ KeyManager: 'CUSTOMER',
262
+ },
263
+ });
264
+
265
+ // Third call: ListAliases for key-123
266
+ mockKMSSend.mockResolvedValueOnce({
267
+ Aliases: [{ AliasName: 'alias/my-key', TargetKeyId: 'key-123' }],
268
+ });
269
+
270
+ const resources = await detector.detectResources({
271
+ resourceType: 'AWS::KMS::Key',
272
+ region: 'us-east-1',
273
+ });
274
+
275
+ expect(resources).toHaveLength(1);
276
+ expect(resources[0].physicalId).toBe('key-123');
277
+ expect(resources[0].properties.KeyState).toBe('Enabled');
278
+ expect(mockKMSSend).toHaveBeenCalledTimes(3);
279
+ });
280
+ });
281
+
282
+ describe('detectResources - unsupported type', () => {
283
+ it('should throw error for unsupported resource type', async () => {
284
+ await expect(
285
+ detector.detectResources({
286
+ resourceType: 'AWS::Lambda::Function',
287
+ region: 'us-east-1',
288
+ })
289
+ ).rejects.toThrow('Resource type AWS::Lambda::Function is not supported');
290
+ });
291
+ });
292
+
293
+ describe('getResourceDetails', () => {
294
+ it('should get VPC details', async () => {
295
+ mockEC2Send.mockResolvedValue({
296
+ Vpcs: [
297
+ {
298
+ VpcId: 'vpc-123',
299
+ CidrBlock: '10.0.0.0/16',
300
+ State: 'available',
301
+ EnableDnsHostnames: true,
302
+ EnableDnsSupport: true,
303
+ Tags: [{ Key: 'Name', Value: 'Main VPC' }],
304
+ },
305
+ ],
306
+ });
307
+
308
+ const resource = await detector.getResourceDetails({
309
+ resourceType: 'AWS::EC2::VPC',
310
+ physicalId: 'vpc-123',
311
+ region: 'us-east-1',
312
+ });
313
+
314
+ expect(resource.physicalId).toBe('vpc-123');
315
+ expect(resource.properties.EnableDnsHostnames).toBe(true);
316
+ });
317
+
318
+ it('should get RDS DBCluster details', async () => {
319
+ mockRDSSend.mockResolvedValue({
320
+ DBClusters: [
321
+ {
322
+ DBClusterIdentifier: 'my-cluster',
323
+ Engine: 'aurora-postgresql',
324
+ EngineVersion: '13.7',
325
+ Status: 'available',
326
+ ClusterCreateTime: new Date('2024-01-01T00:00:00Z'),
327
+ },
328
+ ],
329
+ });
330
+
331
+ const resource = await detector.getResourceDetails({
332
+ resourceType: 'AWS::RDS::DBCluster',
333
+ physicalId: 'my-cluster',
334
+ region: 'us-east-1',
335
+ });
336
+
337
+ expect(resource.physicalId).toBe('my-cluster');
338
+ expect(resource.properties.Engine).toBe('aurora-postgresql');
339
+ });
340
+
341
+ it('should throw error if resource not found', async () => {
342
+ mockEC2Send.mockResolvedValue({ Vpcs: [] });
343
+
344
+ await expect(
345
+ detector.getResourceDetails({
346
+ resourceType: 'AWS::EC2::VPC',
347
+ physicalId: 'vpc-nonexistent',
348
+ region: 'us-east-1',
349
+ })
350
+ ).rejects.toThrow('Resource vpc-nonexistent not found');
351
+ });
352
+ });
353
+
354
+ describe('resourceExists', () => {
355
+ it('should return true if VPC exists', async () => {
356
+ mockEC2Send.mockResolvedValue({
357
+ Vpcs: [{ VpcId: 'vpc-123' }],
358
+ });
359
+
360
+ const exists = await detector.resourceExists({
361
+ resourceType: 'AWS::EC2::VPC',
362
+ physicalId: 'vpc-123',
363
+ region: 'us-east-1',
364
+ });
365
+
366
+ expect(exists).toBe(true);
367
+ });
368
+
369
+ it('should return false if VPC does not exist', async () => {
370
+ mockEC2Send.mockResolvedValue({ Vpcs: [] });
371
+
372
+ const exists = await detector.resourceExists({
373
+ resourceType: 'AWS::EC2::VPC',
374
+ physicalId: 'vpc-nonexistent',
375
+ region: 'us-east-1',
376
+ });
377
+
378
+ expect(exists).toBe(false);
379
+ });
380
+ });
381
+
382
+ describe('detectResourcesByTags', () => {
383
+ it('should detect resources matching tags', async () => {
384
+ // VPCs
385
+ mockEC2Send.mockResolvedValueOnce({
386
+ Vpcs: [
387
+ {
388
+ VpcId: 'vpc-123',
389
+ CidrBlock: '10.0.0.0/16',
390
+ State: 'available',
391
+ Tags: [{ Key: 'Environment', Value: 'production' }],
392
+ },
393
+ ],
394
+ });
395
+
396
+ // Subnets
397
+ mockEC2Send.mockResolvedValueOnce({
398
+ Subnets: [
399
+ {
400
+ SubnetId: 'subnet-123',
401
+ VpcId: 'vpc-123',
402
+ CidrBlock: '10.0.1.0/24',
403
+ State: 'available',
404
+ Tags: [{ Key: 'Environment', Value: 'production' }],
405
+ },
406
+ ],
407
+ });
408
+
409
+ const resources = await detector.detectResourcesByTags({
410
+ tags: { Environment: 'production' },
411
+ region: 'us-east-1',
412
+ resourceTypes: ['AWS::EC2::VPC', 'AWS::EC2::Subnet'],
413
+ });
414
+
415
+ expect(resources).toHaveLength(2);
416
+ expect(resources[0].physicalId).toBe('vpc-123');
417
+ expect(resources[1].physicalId).toBe('subnet-123');
418
+ });
419
+
420
+ it('should detect all supported types if resourceTypes not specified', async () => {
421
+ // Mock responses for all supported types
422
+ mockEC2Send.mockResolvedValueOnce({ Vpcs: [] });
423
+ mockEC2Send.mockResolvedValueOnce({ Subnets: [] });
424
+ mockEC2Send.mockResolvedValueOnce({ SecurityGroups: [] });
425
+ mockEC2Send.mockResolvedValueOnce({ RouteTables: [] });
426
+ mockRDSSend.mockResolvedValueOnce({ DBClusters: [] });
427
+ mockKMSSend.mockResolvedValueOnce({ Keys: [] });
428
+
429
+ const resources = await detector.detectResourcesByTags({
430
+ tags: { Team: 'platform' },
431
+ region: 'us-east-1',
432
+ });
433
+
434
+ expect(resources).toEqual([]);
435
+ expect(mockEC2Send).toHaveBeenCalledTimes(4);
436
+ expect(mockRDSSend).toHaveBeenCalledTimes(1);
437
+ expect(mockKMSSend).toHaveBeenCalledTimes(1);
438
+ });
439
+ });
440
+
441
+ describe('findOrphanedResources', () => {
442
+ it('should find orphaned RDS DBCluster', async () => {
443
+ mockRDSSend.mockResolvedValue({
444
+ DBClusters: [
445
+ {
446
+ DBClusterIdentifier: 'orphan-cluster',
447
+ DBClusterArn: 'arn:aws:rds:us-east-1:123456789012:cluster:orphan-cluster',
448
+ Engine: 'aurora-postgresql',
449
+ Status: 'available',
450
+ ClusterCreateTime: new Date('2024-01-01T00:00:00Z'),
451
+ TagList: [],
452
+ },
453
+ ],
454
+ });
455
+
456
+ const orphans = await detector.findOrphanedResources({
457
+ region: 'us-east-1',
458
+ resourceTypes: ['AWS::RDS::DBCluster'],
459
+ });
460
+
461
+ expect(orphans).toHaveLength(1);
462
+ expect(orphans[0].physicalId).toBe('orphan-cluster');
463
+ expect(orphans[0].isOrphaned).toBe(true);
464
+ expect(orphans[0].reason).toContain('not managed by CloudFormation');
465
+ });
466
+
467
+ it('should exclude specified physical IDs', async () => {
468
+ mockEC2Send.mockResolvedValue({
469
+ Vpcs: [
470
+ { VpcId: 'vpc-123', CidrBlock: '10.0.0.0/16', State: 'available', Tags: [] },
471
+ { VpcId: 'vpc-456', CidrBlock: '10.1.0.0/16', State: 'available', Tags: [] },
472
+ ],
473
+ });
474
+
475
+ const orphans = await detector.findOrphanedResources({
476
+ region: 'us-east-1',
477
+ resourceTypes: ['AWS::EC2::VPC'],
478
+ excludePhysicalIds: ['vpc-123'],
479
+ });
480
+
481
+ expect(orphans).toHaveLength(1);
482
+ expect(orphans[0].physicalId).toBe('vpc-456');
483
+ });
484
+ });
485
+
486
+ describe('constructor', () => {
487
+ it('should create instance with default region', () => {
488
+ const det = new AWSResourceDetector();
489
+ expect(det).toBeInstanceOf(AWSResourceDetector);
490
+ });
491
+
492
+ it('should create instance with custom region', () => {
493
+ const det = new AWSResourceDetector({ region: 'eu-west-1' });
494
+ expect(det).toBeInstanceOf(AWSResourceDetector);
495
+ });
496
+ });
497
+ });
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@friggframework/devtools",
3
3
  "prettier": "@friggframework/prettier-config",
4
- "version": "2.0.0--canary.474.efd7936.0",
4
+ "version": "2.0.0--canary.474.082077e.0",
5
5
  "dependencies": {
6
6
  "@aws-sdk/client-ec2": "^3.835.0",
7
7
  "@aws-sdk/client-kms": "^3.835.0",
@@ -11,8 +11,8 @@
11
11
  "@babel/eslint-parser": "^7.18.9",
12
12
  "@babel/parser": "^7.25.3",
13
13
  "@babel/traverse": "^7.25.3",
14
- "@friggframework/schemas": "2.0.0--canary.474.efd7936.0",
15
- "@friggframework/test": "2.0.0--canary.474.efd7936.0",
14
+ "@friggframework/schemas": "2.0.0--canary.474.082077e.0",
15
+ "@friggframework/test": "2.0.0--canary.474.082077e.0",
16
16
  "@hapi/boom": "^10.0.1",
17
17
  "@inquirer/prompts": "^5.3.8",
18
18
  "axios": "^1.7.2",
@@ -34,8 +34,8 @@
34
34
  "serverless-http": "^2.7.0"
35
35
  },
36
36
  "devDependencies": {
37
- "@friggframework/eslint-config": "2.0.0--canary.474.efd7936.0",
38
- "@friggframework/prettier-config": "2.0.0--canary.474.efd7936.0",
37
+ "@friggframework/eslint-config": "2.0.0--canary.474.082077e.0",
38
+ "@friggframework/prettier-config": "2.0.0--canary.474.082077e.0",
39
39
  "aws-sdk-client-mock": "^4.1.0",
40
40
  "aws-sdk-client-mock-jest": "^4.1.0",
41
41
  "jest": "^30.1.3",
@@ -70,5 +70,5 @@
70
70
  "publishConfig": {
71
71
  "access": "public"
72
72
  },
73
- "gitHead": "efd79365aef7bb559b15d072ae85000069c61837"
73
+ "gitHead": "082077ef7bba084fdeaaee60a08f9039542bff40"
74
74
  }