@friggframework/devtools 2.0.0--canary.490.48bfca6.0 → 2.0.0--canary.490.2395f42.0
|
@@ -253,6 +253,17 @@ class KmsBuilder extends InfrastructureBuilder {
|
|
|
253
253
|
if (decisions.key.ownership === ResourceOwnership.STACK && decisions.key.physicalId) {
|
|
254
254
|
// Key exists in stack - add definitions (CloudFormation idempotency)
|
|
255
255
|
console.log(' → Adding KMS definitions to template (existing in stack)');
|
|
256
|
+
|
|
257
|
+
// Check if alias exists in stack before trying to create it
|
|
258
|
+
const aliasExistsInStack = discoveredResources?.existingLogicalIds?.includes('FriggKMSKeyAlias');
|
|
259
|
+
if (!aliasExistsInStack && appDefinition.encryption?.kmsKeyAlias !== false) {
|
|
260
|
+
// Alias doesn't exist and user didn't explicitly disable it
|
|
261
|
+
// Set kmsKeyAlias: false to avoid trying to create it (permission issues)
|
|
262
|
+
console.log(' ℹ KMS alias not found in stack - skipping alias creation to avoid permission errors');
|
|
263
|
+
appDefinition.encryption = appDefinition.encryption || {};
|
|
264
|
+
appDefinition.encryption.kmsKeyAlias = false;
|
|
265
|
+
}
|
|
266
|
+
|
|
256
267
|
result.resources = this.createKmsKey(appDefinition);
|
|
257
268
|
result.environment.KMS_KEY_ARN = { 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] };
|
|
258
269
|
console.log(' ✅ KMS key resources created');
|
|
@@ -307,7 +318,7 @@ class KmsBuilder extends InfrastructureBuilder {
|
|
|
307
318
|
* Create KMS key CloudFormation resources
|
|
308
319
|
*/
|
|
309
320
|
createKmsKey(appDefinition) {
|
|
310
|
-
|
|
321
|
+
const resources = {
|
|
311
322
|
FriggKMSKey: {
|
|
312
323
|
Type: 'AWS::KMS::Key',
|
|
313
324
|
DeletionPolicy: 'Retain',
|
|
@@ -361,15 +372,24 @@ class KmsBuilder extends InfrastructureBuilder {
|
|
|
361
372
|
],
|
|
362
373
|
},
|
|
363
374
|
},
|
|
364
|
-
|
|
375
|
+
};
|
|
376
|
+
|
|
377
|
+
// Only create alias if explicitly enabled (default: true for backwards compatibility)
|
|
378
|
+
const createAlias = appDefinition.encryption?.kmsKeyAlias !== false;
|
|
379
|
+
if (createAlias) {
|
|
380
|
+
resources.FriggKMSKeyAlias = {
|
|
365
381
|
Type: 'AWS::KMS::Alias',
|
|
366
382
|
DeletionPolicy: 'Retain',
|
|
367
383
|
Properties: {
|
|
368
384
|
AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
|
|
369
385
|
TargetKeyId: { 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] },
|
|
370
386
|
},
|
|
371
|
-
}
|
|
372
|
-
}
|
|
387
|
+
};
|
|
388
|
+
} else {
|
|
389
|
+
console.log(' ℹ Skipping KMS key alias creation (kmsKeyAlias: false)');
|
|
390
|
+
}
|
|
391
|
+
|
|
392
|
+
return resources;
|
|
373
393
|
}
|
|
374
394
|
}
|
|
375
395
|
|
|
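Review bot: In the first hunk, `discoveredResources?.existingLogicalIds?.includes('FriggKMSKeyAlias')` evaluates to `undefined` when discovery supplied no `existingLogicalIds`, so a missing discovery result is treated the same as a confirmed-absent alias and alias creation is switched off. If the alias is in fact already managed by the stack, leaving `FriggKMSKeyAlias` out of the template would presumably detach it from the stack (it carries `DeletionPolicy: 'Retain'`), and the only trace is one console line. Skip only when the list is actually present, e.g. `const ids = discoveredResources?.existingLogicalIds;` followed by `if (Array.isArray(ids) && !ids.includes('FriggKMSKeyAlias') && appDefinition.encryption?.kmsKeyAlias !== false) {`. The same branch also writes `appDefinition.encryption.kmsKeyAlias = false` into the caller's object, so the override outlives this step and is indistinguishable from a user setting; a local flag passed to `createKmsKey` would leave the configuration as the user wrote it. The enclosing method starts and ends outside the hunk.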
@@ -225,6 +225,23 @@ describe('KmsBuilder', () => {
|
|
|
225
225
|
expect(result.resources.FriggKMSKeyAlias.Type).toBe('AWS::KMS::Alias');
|
|
226
226
|
});
|
|
227
227
|
|
|
228
|
+
it('should skip alias creation when kmsKeyAlias: false', async () => {
|
|
229
|
+
const appDefinition = {
|
|
230
|
+
encryption: {
|
|
231
|
+
fieldLevelEncryptionMethod: 'kms',
|
|
232
|
+
createResourceIfNoneFound: true,
|
|
233
|
+
kmsKeyAlias: false,
|
|
234
|
+
},
|
|
235
|
+
};
|
|
236
|
+
|
|
237
|
+
const discoveredResources = {};
|
|
238
|
+
|
|
239
|
+
const result = await kmsBuilder.build(appDefinition, discoveredResources);
|
|
240
|
+
|
|
241
|
+
expect(result.resources.FriggKMSKey).toBeDefined();
|
|
242
|
+
expect(result.resources.FriggKMSKeyAlias).toBeUndefined();
|
|
243
|
+
});
|
|
244
|
+
|
|
228
245
|
it('should enable key rotation for new keys', async () => {
|
|
229
246
|
const appDefinition = {
|
|
230
247
|
encryption: {
|
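Review bot: The added test covers only the explicit `kmsKeyAlias: false` path with an empty `discoveredResources`; the builder's new branch that turns the alias off when the key is stack-owned but `FriggKMSKeyAlias` is missing from `existingLogicalIds` has no test in this hunk. Worth adding: a stack-owned key with an `existingLogicalIds` list that lacks the alias, the same with the alias present, a stack-owned key with no `existingLogicalIds` at all, and a check of whether the caller's `appDefinition` is modified by the call. Further cases may exist outside the hunk, since the `describe('KmsBuilder')` block starts and ends outside it.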
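--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@friggframework/devtools",
 "prettier": "@friggframework/prettier-config",
-"version": "2.0.0--canary.490.
+"version": "2.0.0--canary.490.2395f42.0",
 "bin": {
 "frigg": "./frigg-cli/index.js"
 },
@@ -16,9 +16,9 @@
 "@babel/eslint-parser": "^7.18.9",
 "@babel/parser": "^7.25.3",
 "@babel/traverse": "^7.25.3",
-"@friggframework/core": "2.0.0--canary.490.
-"@friggframework/schemas": "2.0.0--canary.490.
-"@friggframework/test": "2.0.0--canary.490.
+"@friggframework/core": "2.0.0--canary.490.2395f42.0",
+"@friggframework/schemas": "2.0.0--canary.490.2395f42.0",
+"@friggframework/test": "2.0.0--canary.490.2395f42.0",
 "@hapi/boom": "^10.0.1",
 "@inquirer/prompts": "^5.3.8",
 "axios": "^1.7.2",
@@ -46,8 +46,8 @@
 "validate-npm-package-name": "^5.0.0"
 },
 "devDependencies": {
-"@friggframework/eslint-config": "2.0.0--canary.490.
-"@friggframework/prettier-config": "2.0.0--canary.490.
+"@friggframework/eslint-config": "2.0.0--canary.490.2395f42.0",
+"@friggframework/prettier-config": "2.0.0--canary.490.2395f42.0",
 "aws-sdk-client-mock": "^4.1.0",
 "aws-sdk-client-mock-jest": "^4.1.0",
 "jest": "^30.1.3",
@@ -79,5 +79,5 @@
 "publishConfig": {
 "access": "public"
 },
-"gitHead": "
+"gitHead": "2395f421f8b98b461ac607a31ed9d209b57968ae"
 }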