@friggframework/devtools 2.0.0--canary.490.581e175.0 → 2.0.0--canary.490.e01df69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/infrastructure/domains/networking/vpc-builder.js +9 -0
  2. package/infrastructure/domains/networking/vpc-builder.test.js +24 -0
  3. package/infrastructure/domains/networking/vpc-resolver.js +14 -1
  4. package/infrastructure/domains/networking/vpc-resolver.test.js +24 -0
  5. package/package.json +7 -7
package/infrastructure/domains/networking/vpc-builder.js CHANGED
@@ -295,6 +295,15 @@ class VpcBuilder extends InfrastructureBuilder {
295
295
  }
296
296
  }
297
297
 
298
+ // Add flat discovery properties directly to discovery object for resolver access
299
+ // The resolver checks both discovery.defaultSecurityGroupId and discovery.external array
300
+ discovery.defaultVpcId = flatDiscovery.defaultVpcId;
301
+ discovery.defaultSecurityGroupId = flatDiscovery.defaultSecurityGroupId;
302
+ discovery.privateSubnetId1 = flatDiscovery.privateSubnetId1;
303
+ discovery.privateSubnetId2 = flatDiscovery.privateSubnetId2;
304
+ discovery.natGatewayId = flatDiscovery.natGatewayId;
305
+ discovery.lambdaSecurityGroupId = flatDiscovery.lambdaSecurityGroupId;
306
+
298
307
  return discovery;
299
308
  }
300
309
 
package/infrastructure/domains/networking/vpc-builder.test.js CHANGED
@@ -1448,6 +1448,30 @@ describe('VpcBuilder', () => {
1448
1448
  });
1449
1449
  });
1450
1450
 
1451
+ describe('convertFlatDiscoveryToStructured - Direct Properties', () => {
1452
+ it('should copy flat discovery properties to structured discovery for resolver access', () => {
1453
+ const flatDiscovery = {
1454
+ fromCloudFormationStack: true,
1455
+ defaultVpcId: 'vpc-123',
1456
+ defaultSecurityGroupId: 'sg-default-456',
1457
+ lambdaSecurityGroupId: 'sg-lambda-789',
1458
+ privateSubnetId1: 'subnet-1',
1459
+ privateSubnetId2: 'subnet-2',
1460
+ natGatewayId: 'nat-123'
1461
+ };
1462
+
1463
+ const result = vpcBuilder.convertFlatDiscoveryToStructured(flatDiscovery);
1464
+
1465
+ // Direct properties should be copied for resolver access
1466
+ expect(result.defaultVpcId).toBe('vpc-123');
1467
+ expect(result.defaultSecurityGroupId).toBe('sg-default-456');
1468
+ expect(result.lambdaSecurityGroupId).toBe('sg-lambda-789');
1469
+ expect(result.privateSubnetId1).toBe('subnet-1');
1470
+ expect(result.privateSubnetId2).toBe('subnet-2');
1471
+ expect(result.natGatewayId).toBe('nat-123');
1472
+ });
1473
+ });
1474
+
1451
1475
  describe('convertFlatDiscoveryToStructured - VPC Endpoints from CloudFormation', () => {
1452
1476
  it('should add VPC endpoints to stackManaged when in existingLogicalIds', () => {
1453
1477
  const flatDiscovery = {
package/infrastructure/domains/networking/vpc-resolver.js CHANGED
@@ -116,9 +116,22 @@ class VpcResourceResolver extends BaseResourceResolver {
116
116
 
117
117
  // No hardcoded IDs - try discovery
118
118
  const structured = discovery._structured || discovery;
119
+
120
+ // When ownership='external', use ONLY the default SG, not the stack-managed lambda SG
121
+ // Check for lambdaSecurityGroupId first to avoid using it
122
+ const lambdaSgId = structured.lambdaSecurityGroupId || discovery.lambdaSecurityGroupId;
119
123
  const defaultSgId = structured.defaultSecurityGroupId || discovery.defaultSecurityGroupId;
120
124
 
121
- if (defaultSgId) {
125
+ // If we have a default SG AND it's different from the lambda SG, use the default
126
+ if (defaultSgId && defaultSgId !== lambdaSgId) {
127
+ return this.createExternalDecision(
128
+ [defaultSgId],
129
+ 'User specified ownership=external - using discovered default security group'
130
+ );
131
+ }
132
+
133
+ // If only lambdaSgId exists, that means defaultSgId wasn't discovered
134
+ if (defaultSgId && !lambdaSgId) {
122
135
  return this.createExternalDecision(
123
136
  [defaultSgId],
124
137
  'User specified ownership=external - using discovered default security group'
package/infrastructure/domains/networking/vpc-resolver.test.js CHANGED
@@ -235,6 +235,30 @@ describe('VpcResourceResolver', () => {
235
235
  );
236
236
  });
237
237
 
238
+ it('should prefer default SG over stack-managed SG when ownership=external and both discovered', () => {
239
+ const appDefinition = {
240
+ vpc: {
241
+ ownership: { securityGroup: 'external' }
242
+ }
243
+ };
244
+ const discovery = {
245
+ stackManaged: [
246
+ { logicalId: 'FriggLambdaSecurityGroup', physicalId: 'sg-stack-managed', resourceType: 'AWS::EC2::SecurityGroup' }
247
+ ],
248
+ external: [],
249
+ fromCloudFormation: true,
250
+ lambdaSecurityGroupId: 'sg-stack-managed', // Stack-managed SG
251
+ defaultSecurityGroupId: 'sg-default-vpc' // Default VPC SG
252
+ };
253
+
254
+ const decision = resolver.resolveSecurityGroup(appDefinition, discovery);
255
+
256
+ // Should use default SG, NOT the stack-managed one
257
+ expect(decision.ownership).toBe(ResourceOwnership.EXTERNAL);
258
+ expect(decision.physicalIds).toEqual(['sg-default-vpc']);
259
+ expect(decision.reason).toContain('discovered default security group');
260
+ });
261
+
238
262
  it('should auto-resolve to STACK when FriggLambdaSecurityGroup in stack', () => {
239
263
  const appDefinition = { vpc: { ownership: { securityGroup: 'auto' } } };
240
264
  const discovery = {
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@friggframework/devtools",
3
3
  "prettier": "@friggframework/prettier-config",
4
- "version": "2.0.0--canary.490.581e175.0",
4
+ "version": "2.0.0--canary.490.e01df69.0",
5
5
  "bin": {
6
6
  "frigg": "./frigg-cli/index.js"
7
7
  },
@@ -16,9 +16,9 @@
16
16
  "@babel/eslint-parser": "^7.18.9",
17
17
  "@babel/parser": "^7.25.3",
18
18
  "@babel/traverse": "^7.25.3",
19
- "@friggframework/core": "2.0.0--canary.490.581e175.0",
20
- "@friggframework/schemas": "2.0.0--canary.490.581e175.0",
21
- "@friggframework/test": "2.0.0--canary.490.581e175.0",
19
+ "@friggframework/core": "2.0.0--canary.490.e01df69.0",
20
+ "@friggframework/schemas": "2.0.0--canary.490.e01df69.0",
21
+ "@friggframework/test": "2.0.0--canary.490.e01df69.0",
22
22
  "@hapi/boom": "^10.0.1",
23
23
  "@inquirer/prompts": "^5.3.8",
24
24
  "axios": "^1.7.2",
@@ -46,8 +46,8 @@
46
46
  "validate-npm-package-name": "^5.0.0"
47
47
  },
48
48
  "devDependencies": {
49
- "@friggframework/eslint-config": "2.0.0--canary.490.581e175.0",
50
- "@friggframework/prettier-config": "2.0.0--canary.490.581e175.0",
49
+ "@friggframework/eslint-config": "2.0.0--canary.490.e01df69.0",
50
+ "@friggframework/prettier-config": "2.0.0--canary.490.e01df69.0",
51
51
  "aws-sdk-client-mock": "^4.1.0",
52
52
  "aws-sdk-client-mock-jest": "^4.1.0",
53
53
  "jest": "^30.1.3",
@@ -79,5 +79,5 @@
79
79
  "publishConfig": {
80
80
  "access": "public"
81
81
  },
82
- "gitHead": "581e17591e9029cfc6326cdfc4b647b625ed8572"
82
+ "gitHead": "e01df6929184675de7553c9bb7388c31976988cb"
83
83
  }