@friggframework/devtools 2.0.0--canary.490.581e175.0 → 2.0.0--canary.490.e01df69.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -295,6 +295,15 @@ class VpcBuilder extends InfrastructureBuilder {
|
|
|
295
295
|
}
|
|
296
296
|
}
|
|
297
297
|
|
|
298
|
+
// Add flat discovery properties directly to discovery object for resolver access
|
|
299
|
+
// The resolver checks both discovery.defaultSecurityGroupId and discovery.external array
|
|
300
|
+
discovery.defaultVpcId = flatDiscovery.defaultVpcId;
|
|
301
|
+
discovery.defaultSecurityGroupId = flatDiscovery.defaultSecurityGroupId;
|
|
302
|
+
discovery.privateSubnetId1 = flatDiscovery.privateSubnetId1;
|
|
303
|
+
discovery.privateSubnetId2 = flatDiscovery.privateSubnetId2;
|
|
304
|
+
discovery.natGatewayId = flatDiscovery.natGatewayId;
|
|
305
|
+
discovery.lambdaSecurityGroupId = flatDiscovery.lambdaSecurityGroupId;
|
|
306
|
+
|
|
298
307
|
return discovery;
|
|
299
308
|
}
|
|
300
309
|
|
|
@@ -1448,6 +1448,30 @@ describe('VpcBuilder', () => {
|
|
|
1448
1448
|
});
|
|
1449
1449
|
});
|
|
1450
1450
|
|
|
1451
|
+
describe('convertFlatDiscoveryToStructured - Direct Properties', () => {
|
|
1452
|
+
it('should copy flat discovery properties to structured discovery for resolver access', () => {
|
|
1453
|
+
const flatDiscovery = {
|
|
1454
|
+
fromCloudFormationStack: true,
|
|
1455
|
+
defaultVpcId: 'vpc-123',
|
|
1456
|
+
defaultSecurityGroupId: 'sg-default-456',
|
|
1457
|
+
lambdaSecurityGroupId: 'sg-lambda-789',
|
|
1458
|
+
privateSubnetId1: 'subnet-1',
|
|
1459
|
+
privateSubnetId2: 'subnet-2',
|
|
1460
|
+
natGatewayId: 'nat-123'
|
|
1461
|
+
};
|
|
1462
|
+
|
|
1463
|
+
const result = vpcBuilder.convertFlatDiscoveryToStructured(flatDiscovery);
|
|
1464
|
+
|
|
1465
|
+
// Direct properties should be copied for resolver access
|
|
1466
|
+
expect(result.defaultVpcId).toBe('vpc-123');
|
|
1467
|
+
expect(result.defaultSecurityGroupId).toBe('sg-default-456');
|
|
1468
|
+
expect(result.lambdaSecurityGroupId).toBe('sg-lambda-789');
|
|
1469
|
+
expect(result.privateSubnetId1).toBe('subnet-1');
|
|
1470
|
+
expect(result.privateSubnetId2).toBe('subnet-2');
|
|
1471
|
+
expect(result.natGatewayId).toBe('nat-123');
|
|
1472
|
+
});
|
|
1473
|
+
});
|
|
1474
|
+
|
|
1451
1475
|
describe('convertFlatDiscoveryToStructured - VPC Endpoints from CloudFormation', () => {
|
|
1452
1476
|
it('should add VPC endpoints to stackManaged when in existingLogicalIds', () => {
|
|
1453
1477
|
const flatDiscovery = {
|
|
@@ -116,9 +116,22 @@ class VpcResourceResolver extends BaseResourceResolver {
|
|
|
116
116
|
|
|
117
117
|
// No hardcoded IDs - try discovery
|
|
118
118
|
const structured = discovery._structured || discovery;
|
|
119
|
+
|
|
120
|
+
// When ownership='external', use ONLY the default SG, not the stack-managed lambda SG
|
|
121
|
+
// Check for lambdaSecurityGroupId first to avoid using it
|
|
122
|
+
const lambdaSgId = structured.lambdaSecurityGroupId || discovery.lambdaSecurityGroupId;
|
|
119
123
|
const defaultSgId = structured.defaultSecurityGroupId || discovery.defaultSecurityGroupId;
|
|
120
124
|
|
|
121
|
-
|
|
125
|
+
// If we have a default SG AND it's different from the lambda SG, use the default
|
|
126
|
+
if (defaultSgId && defaultSgId !== lambdaSgId) {
|
|
127
|
+
return this.createExternalDecision(
|
|
128
|
+
[defaultSgId],
|
|
129
|
+
'User specified ownership=external - using discovered default security group'
|
|
130
|
+
);
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
// If only lambdaSgId exists, that means defaultSgId wasn't discovered
|
|
134
|
+
if (defaultSgId && !lambdaSgId) {
|
|
122
135
|
return this.createExternalDecision(
|
|
123
136
|
[defaultSgId],
|
|
124
137
|
'User specified ownership=external - using discovered default security group'
|
|
@@ -235,6 +235,30 @@ describe('VpcResourceResolver', () => {
|
|
|
235
235
|
);
|
|
236
236
|
});
|
|
237
237
|
|
|
238
|
+
it('should prefer default SG over stack-managed SG when ownership=external and both discovered', () => {
|
|
239
|
+
const appDefinition = {
|
|
240
|
+
vpc: {
|
|
241
|
+
ownership: { securityGroup: 'external' }
|
|
242
|
+
}
|
|
243
|
+
};
|
|
244
|
+
const discovery = {
|
|
245
|
+
stackManaged: [
|
|
246
|
+
{ logicalId: 'FriggLambdaSecurityGroup', physicalId: 'sg-stack-managed', resourceType: 'AWS::EC2::SecurityGroup' }
|
|
247
|
+
],
|
|
248
|
+
external: [],
|
|
249
|
+
fromCloudFormation: true,
|
|
250
|
+
lambdaSecurityGroupId: 'sg-stack-managed', // Stack-managed SG
|
|
251
|
+
defaultSecurityGroupId: 'sg-default-vpc' // Default VPC SG
|
|
252
|
+
};
|
|
253
|
+
|
|
254
|
+
const decision = resolver.resolveSecurityGroup(appDefinition, discovery);
|
|
255
|
+
|
|
256
|
+
// Should use default SG, NOT the stack-managed one
|
|
257
|
+
expect(decision.ownership).toBe(ResourceOwnership.EXTERNAL);
|
|
258
|
+
expect(decision.physicalIds).toEqual(['sg-default-vpc']);
|
|
259
|
+
expect(decision.reason).toContain('discovered default security group');
|
|
260
|
+
});
|
|
261
|
+
|
|
238
262
|
it('should auto-resolve to STACK when FriggLambdaSecurityGroup in stack', () => {
|
|
239
263
|
const appDefinition = { vpc: { ownership: { securityGroup: 'auto' } } };
|
|
240
264
|
const discovery = {
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@friggframework/devtools",
|
|
3
3
|
"prettier": "@friggframework/prettier-config",
|
|
4
|
-
"version": "2.0.0--canary.490.
|
|
4
|
+
"version": "2.0.0--canary.490.e01df69.0",
|
|
5
5
|
"bin": {
|
|
6
6
|
"frigg": "./frigg-cli/index.js"
|
|
7
7
|
},
|
|
@@ -16,9 +16,9 @@
|
|
|
16
16
|
"@babel/eslint-parser": "^7.18.9",
|
|
17
17
|
"@babel/parser": "^7.25.3",
|
|
18
18
|
"@babel/traverse": "^7.25.3",
|
|
19
|
-
"@friggframework/core": "2.0.0--canary.490.
|
|
20
|
-
"@friggframework/schemas": "2.0.0--canary.490.
|
|
21
|
-
"@friggframework/test": "2.0.0--canary.490.
|
|
19
|
+
"@friggframework/core": "2.0.0--canary.490.e01df69.0",
|
|
20
|
+
"@friggframework/schemas": "2.0.0--canary.490.e01df69.0",
|
|
21
|
+
"@friggframework/test": "2.0.0--canary.490.e01df69.0",
|
|
22
22
|
"@hapi/boom": "^10.0.1",
|
|
23
23
|
"@inquirer/prompts": "^5.3.8",
|
|
24
24
|
"axios": "^1.7.2",
|
|
@@ -46,8 +46,8 @@
|
|
|
46
46
|
"validate-npm-package-name": "^5.0.0"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
|
-
"@friggframework/eslint-config": "2.0.0--canary.490.
|
|
50
|
-
"@friggframework/prettier-config": "2.0.0--canary.490.
|
|
49
|
+
"@friggframework/eslint-config": "2.0.0--canary.490.e01df69.0",
|
|
50
|
+
"@friggframework/prettier-config": "2.0.0--canary.490.e01df69.0",
|
|
51
51
|
"aws-sdk-client-mock": "^4.1.0",
|
|
52
52
|
"aws-sdk-client-mock-jest": "^4.1.0",
|
|
53
53
|
"jest": "^30.1.3",
|
|
@@ -79,5 +79,5 @@
|
|
|
79
79
|
"publishConfig": {
|
|
80
80
|
"access": "public"
|
|
81
81
|
},
|
|
82
|
-
"gitHead": "
|
|
82
|
+
"gitHead": "e01df6929184675de7553c9bb7388c31976988cb"
|
|
83
83
|
}
|