@friggframework/devtools 2.0.0--canary.490.81a6847.0 → 2.0.0--canary.490.e01df69.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -116,9 +116,22 @@ class VpcResourceResolver extends BaseResourceResolver {
|
|
|
116
116
|
|
|
117
117
|
// No hardcoded IDs - try discovery
|
|
118
118
|
const structured = discovery._structured || discovery;
|
|
119
|
+
|
|
120
|
+
// When ownership='external', use ONLY the default SG, not the stack-managed lambda SG
|
|
121
|
+
// Check for lambdaSecurityGroupId first to avoid using it
|
|
122
|
+
const lambdaSgId = structured.lambdaSecurityGroupId || discovery.lambdaSecurityGroupId;
|
|
119
123
|
const defaultSgId = structured.defaultSecurityGroupId || discovery.defaultSecurityGroupId;
|
|
120
124
|
|
|
121
|
-
|
|
125
|
+
// If we have a default SG AND it's different from the lambda SG, use the default
|
|
126
|
+
if (defaultSgId && defaultSgId !== lambdaSgId) {
|
|
127
|
+
return this.createExternalDecision(
|
|
128
|
+
[defaultSgId],
|
|
129
|
+
'User specified ownership=external - using discovered default security group'
|
|
130
|
+
);
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
// If only lambdaSgId exists, that means defaultSgId wasn't discovered
|
|
134
|
+
if (defaultSgId && !lambdaSgId) {
|
|
122
135
|
return this.createExternalDecision(
|
|
123
136
|
[defaultSgId],
|
|
124
137
|
'User specified ownership=external - using discovered default security group'
|
|
@@ -235,6 +235,30 @@ describe('VpcResourceResolver', () => {
|
|
|
235
235
|
);
|
|
236
236
|
});
|
|
237
237
|
|
|
238
|
+
it('should prefer default SG over stack-managed SG when ownership=external and both discovered', () => {
|
|
239
|
+
const appDefinition = {
|
|
240
|
+
vpc: {
|
|
241
|
+
ownership: { securityGroup: 'external' }
|
|
242
|
+
}
|
|
243
|
+
};
|
|
244
|
+
const discovery = {
|
|
245
|
+
stackManaged: [
|
|
246
|
+
{ logicalId: 'FriggLambdaSecurityGroup', physicalId: 'sg-stack-managed', resourceType: 'AWS::EC2::SecurityGroup' }
|
|
247
|
+
],
|
|
248
|
+
external: [],
|
|
249
|
+
fromCloudFormation: true,
|
|
250
|
+
lambdaSecurityGroupId: 'sg-stack-managed', // Stack-managed SG
|
|
251
|
+
defaultSecurityGroupId: 'sg-default-vpc' // Default VPC SG
|
|
252
|
+
};
|
|
253
|
+
|
|
254
|
+
const decision = resolver.resolveSecurityGroup(appDefinition, discovery);
|
|
255
|
+
|
|
256
|
+
// Should use default SG, NOT the stack-managed one
|
|
257
|
+
expect(decision.ownership).toBe(ResourceOwnership.EXTERNAL);
|
|
258
|
+
expect(decision.physicalIds).toEqual(['sg-default-vpc']);
|
|
259
|
+
expect(decision.reason).toContain('discovered default security group');
|
|
260
|
+
});
|
|
261
|
+
|
|
238
262
|
it('should auto-resolve to STACK when FriggLambdaSecurityGroup in stack', () => {
|
|
239
263
|
const appDefinition = { vpc: { ownership: { securityGroup: 'auto' } } };
|
|
240
264
|
const discovery = {
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@friggframework/devtools",
|
|
3
3
|
"prettier": "@friggframework/prettier-config",
|
|
4
|
-
"version": "2.0.0--canary.490.
|
|
4
|
+
"version": "2.0.0--canary.490.e01df69.0",
|
|
5
5
|
"bin": {
|
|
6
6
|
"frigg": "./frigg-cli/index.js"
|
|
7
7
|
},
|
|
@@ -16,9 +16,9 @@
|
|
|
16
16
|
"@babel/eslint-parser": "^7.18.9",
|
|
17
17
|
"@babel/parser": "^7.25.3",
|
|
18
18
|
"@babel/traverse": "^7.25.3",
|
|
19
|
-
"@friggframework/core": "2.0.0--canary.490.
|
|
20
|
-
"@friggframework/schemas": "2.0.0--canary.490.
|
|
21
|
-
"@friggframework/test": "2.0.0--canary.490.
|
|
19
|
+
"@friggframework/core": "2.0.0--canary.490.e01df69.0",
|
|
20
|
+
"@friggframework/schemas": "2.0.0--canary.490.e01df69.0",
|
|
21
|
+
"@friggframework/test": "2.0.0--canary.490.e01df69.0",
|
|
22
22
|
"@hapi/boom": "^10.0.1",
|
|
23
23
|
"@inquirer/prompts": "^5.3.8",
|
|
24
24
|
"axios": "^1.7.2",
|
|
@@ -46,8 +46,8 @@
|
|
|
46
46
|
"validate-npm-package-name": "^5.0.0"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
|
-
"@friggframework/eslint-config": "2.0.0--canary.490.
|
|
50
|
-
"@friggframework/prettier-config": "2.0.0--canary.490.
|
|
49
|
+
"@friggframework/eslint-config": "2.0.0--canary.490.e01df69.0",
|
|
50
|
+
"@friggframework/prettier-config": "2.0.0--canary.490.e01df69.0",
|
|
51
51
|
"aws-sdk-client-mock": "^4.1.0",
|
|
52
52
|
"aws-sdk-client-mock-jest": "^4.1.0",
|
|
53
53
|
"jest": "^30.1.3",
|
|
@@ -79,5 +79,5 @@
|
|
|
79
79
|
"publishConfig": {
|
|
80
80
|
"access": "public"
|
|
81
81
|
},
|
|
82
|
-
"gitHead": "
|
|
82
|
+
"gitHead": "e01df6929184675de7553c9bb7388c31976988cb"
|
|
83
83
|
}
|