@friggframework/devtools 2.0.0-next.31 → 2.0.0-next.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/infrastructure/iam-generator.js +2 -0
  2. package/infrastructure/iam-policy-basic.json +2 -0
  3. package/infrastructure/iam-policy-full.json +2 -0
  4. package/infrastructure/serverless-template.js +41 -25
  5. package/package.json +6 -6
package/infrastructure/iam-generator.js CHANGED
@@ -431,6 +431,8 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
431
431
  Resource: [
432
432
  'arn:aws:apigateway:*::/restapis',
433
433
  'arn:aws:apigateway:*::/restapis/*',
434
+ 'arn:aws:apigateway:*::/apis',
435
+ 'arn:aws:apigateway:*::/apis/*',
434
436
  'arn:aws:apigateway:*::/domainnames',
435
437
  'arn:aws:apigateway:*::/domainnames/*'
436
438
  ]
package/infrastructure/iam-policy-basic.json CHANGED
@@ -204,6 +204,8 @@
204
204
  "Resource": [
205
205
  "arn:aws:apigateway:*::/restapis",
206
206
  "arn:aws:apigateway:*::/restapis/*",
207
+ "arn:aws:apigateway:*::/apis",
208
+ "arn:aws:apigateway:*::/apis/*",
207
209
  "arn:aws:apigateway:*::/domainnames",
208
210
  "arn:aws:apigateway:*::/domainnames/*"
209
211
  ]
package/infrastructure/iam-policy-full.json CHANGED
@@ -204,6 +204,8 @@
204
204
  "Resource": [
205
205
  "arn:aws:apigateway:*::/restapis",
206
206
  "arn:aws:apigateway:*::/restapis/*",
207
+ "arn:aws:apigateway:*::/apis",
208
+ "arn:aws:apigateway:*::/apis/*",
207
209
  "arn:aws:apigateway:*::/domainnames",
208
210
  "arn:aws:apigateway:*::/domainnames/*"
209
211
  ]
package/infrastructure/serverless-template.js CHANGED
@@ -724,37 +724,53 @@ const composeServerlessDefinition = async (AppDefinition) => {
724
724
 
725
725
  // KMS Configuration based on App Definition
726
726
  if (AppDefinition.encryption?.useDefaultKMSForFieldLevelEncryption === true) {
727
- // Provision a dedicated KMS key and wire it automatically
728
- definition.resources.Resources.FriggKMSKey = {
729
- Type: 'AWS::KMS::Key',
730
- Properties: {
731
- EnableKeyRotation: true,
732
- KeyPolicy: {
733
- Version: '2012-10-17',
734
- Statement: [
735
- {
736
- Sid: 'AllowRootAccountAdmin',
737
- Effect: 'Allow',
738
- Principal: { AWS: { 'Fn::Sub': 'arn:aws:iam::${AWS::AccountId}:root' } },
739
- Action: 'kms:*',
740
- Resource: '*'
741
- }
742
- ]
727
+ // Check if a KMS key was discovered
728
+ if (discoveredResources.defaultKmsKeyId) {
729
+ // Use the existing discovered KMS key
730
+ console.log(`Using existing KMS key: ${discoveredResources.defaultKmsKeyId}`);
731
+
732
+ definition.provider.iamRoleStatements.push({
733
+ Effect: 'Allow',
734
+ Action: ['kms:GenerateDataKey', 'kms:Decrypt'],
735
+ Resource: [discoveredResources.defaultKmsKeyId]
736
+ });
737
+
738
+ definition.provider.environment.KMS_KEY_ARN = discoveredResources.defaultKmsKeyId;
739
+ } else {
740
+ // No existing key found, provision a dedicated KMS key
741
+ console.log('No existing KMS key found, creating a new one...');
742
+
743
+ definition.resources.Resources.FriggKMSKey = {
744
+ Type: 'AWS::KMS::Key',
745
+ Properties: {
746
+ EnableKeyRotation: true,
747
+ KeyPolicy: {
748
+ Version: '2012-10-17',
749
+ Statement: [
750
+ {
751
+ Sid: 'AllowRootAccountAdmin',
752
+ Effect: 'Allow',
753
+ Principal: { AWS: { 'Fn::Sub': 'arn:aws:iam::${AWS::AccountId}:root' } },
754
+ Action: 'kms:*',
755
+ Resource: '*'
756
+ }
757
+ ]
758
+ }
743
759
  }
744
- }
745
- };
760
+ };
746
761
 
747
- definition.provider.iamRoleStatements.push({
748
- Effect: 'Allow',
749
- Action: ['kms:GenerateDataKey', 'kms:Decrypt'],
750
- Resource: [{ 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] }]
751
- });
762
+ definition.provider.iamRoleStatements.push({
763
+ Effect: 'Allow',
764
+ Action: ['kms:GenerateDataKey', 'kms:Decrypt'],
765
+ Resource: [{ 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] }]
766
+ });
752
767
 
753
- definition.provider.environment.KMS_KEY_ARN = { 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] };
768
+ definition.provider.environment.KMS_KEY_ARN = { 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] };
769
+ }
754
770
 
755
771
  definition.plugins.push('serverless-kms-grants');
756
772
 
757
- // Configure KMS grants with discovered default key
773
+ // Configure KMS grants with discovered default key or environment variable
758
774
  definition.custom.kmsGrants = {
759
775
  kmsKeyId: discoveredResources.defaultKmsKeyId || '${env:AWS_DISCOVERY_KMS_KEY_ID}'
760
776
  };
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@friggframework/devtools",
3
3
  "prettier": "@friggframework/prettier-config",
4
- "version": "2.0.0-next.31",
4
+ "version": "2.0.0-next.33",
5
5
  "dependencies": {
6
6
  "@aws-sdk/client-ec2": "^3.835.0",
7
7
  "@aws-sdk/client-kms": "^3.835.0",
@@ -9,8 +9,8 @@
9
9
  "@babel/eslint-parser": "^7.18.9",
10
10
  "@babel/parser": "^7.25.3",
11
11
  "@babel/traverse": "^7.25.3",
12
- "@friggframework/schemas": "2.0.0-next.31",
13
- "@friggframework/test": "2.0.0-next.31",
12
+ "@friggframework/schemas": "2.0.0-next.33",
13
+ "@friggframework/test": "2.0.0-next.33",
14
14
  "@hapi/boom": "^10.0.1",
15
15
  "@inquirer/prompts": "^5.3.8",
16
16
  "axios": "^1.7.2",
@@ -32,8 +32,8 @@
32
32
  "serverless-http": "^2.7.0"
33
33
  },
34
34
  "devDependencies": {
35
- "@friggframework/eslint-config": "2.0.0-next.31",
36
- "@friggframework/prettier-config": "2.0.0-next.31",
35
+ "@friggframework/eslint-config": "2.0.0-next.33",
36
+ "@friggframework/prettier-config": "2.0.0-next.33",
37
37
  "prettier": "^2.7.1",
38
38
  "serverless": "3.39.0",
39
39
  "serverless-dotenv-plugin": "^6.0.0",
@@ -65,5 +65,5 @@
65
65
  "publishConfig": {
66
66
  "access": "public"
67
67
  },
68
- "gitHead": "d84f0b28ddcc059c80becb551a9b266d7d0e77e9"
68
+ "gitHead": "539fd5892cd0254f3e89917abef3b3c2b2f4877e"
69
69
  }