@friggframework/devtools 2.0.0-next.35 → 2.0.0-next.36

package/frigg-cli/deploy-command/index.js

@@ -1,26 +1,155 @@
-const { spawn, spawnSync } = require('child_process');
+const { spawn } = require('child_process');
 const path = require('path');
+const fs = require('fs');
 
-async function deployCommand(options) {
-    console.log('Deploying the serverless application...');
+// Configuration constants
+const PATHS = {
+    APP_DEFINITION: 'index.js',
+    INFRASTRUCTURE: 'infrastructure.js'
+};
+
+const COMMANDS = {
+    SERVERLESS: 'serverless'
+};
+
+/**
+ * Constructs filtered environment variables for serverless deployment
+ * @param {string[]} appDefinedVariables - Array of environment variable names from app definition
+ * @returns {Object} Filtered environment variables object
+ */
+function buildFilteredEnvironment(appDefinedVariables) {
+    return {
+        // Essential system variables needed to run serverless
+        PATH: process.env.PATH,
+        HOME: process.env.HOME,
+        USER: process.env.USER,
+
+        // AWS credentials and configuration (all AWS_ prefixed variables)
+        ...Object.fromEntries(
+            Object.entries(process.env).filter(([key]) =>
+                key.startsWith('AWS_')
+            )
+        ),
+
+        // App-defined environment variables
+        ...Object.fromEntries(
+            appDefinedVariables
+                .map((key) => [key, process.env[key]])
+                .filter(([_, value]) => value !== undefined)
+        ),
+    };
+}
+
+/**
+ * Loads and parses the app definition from index.js
+ * @returns {Object|null} App definition object or null if not found
+ */
+function loadAppDefinition() {
+    const appDefPath = path.join(process.cwd(), PATHS.APP_DEFINITION);
+    
+    if (!fs.existsSync(appDefPath)) {
+        return null;
+    }
+
+    try {
+        const { Definition } = require(appDefPath);
+        return Definition;
+    } catch (error) {
+        console.warn('Could not load appDefinition environment config:', error.message);
+        return null;
+    }
+}
+
+/**
+ * Extracts environment variable names from app definition
+ * @param {Object} appDefinition - App definition object
+ * @returns {string[]} Array of environment variable names
+ */
+function extractEnvironmentVariables(appDefinition) {
+    if (!appDefinition?.environment) {
+        return [];
+    }
+
+    console.log('🔧 Loading environment configuration from appDefinition...');
+    
+    const appDefinedVariables = Object.keys(appDefinition.environment).filter(
+        (key) => appDefinition.environment[key] === true
+    );
+
+    console.log(`   Found ${appDefinedVariables.length} environment variables: ${appDefinedVariables.join(', ')}`);
+    return appDefinedVariables;
+}
+
+/**
+ * Handles environment validation warnings
+ * @param {Object} validation - Validation result object
+ * @param {Object} options - Deploy command options
+ */
+function handleValidationWarnings(validation, options) {
+    if (validation.missing.length === 0 || options.skipEnvValidation) {
+        return;
+    }
 
-    // AWS discovery is now handled directly in serverless-template.js
-    console.log('🤘🏼 Deploying serverless application...');
-    const backendPath = path.resolve(process.cwd());
-    const infrastructurePath = 'infrastructure.js';
-    const command = 'serverless';
+    console.warn(`⚠️  Warning: Missing ${validation.missing.length} environment variables: ${validation.missing.join(', ')}`);
+    console.warn('   These variables are optional and deployment will continue');
+    console.warn('   Run with --skip-env-validation to bypass this check');
+}
+
+/**
+ * Validates environment variables and builds filtered environment
+ * @param {Object} appDefinition - App definition object
+ * @param {Object} options - Deploy command options
+ * @returns {Object} Filtered environment variables
+ */
+function validateAndBuildEnvironment(appDefinition, options) {
+    if (!appDefinition) {
+        return buildFilteredEnvironment([]);
+    }
+
+    const appDefinedVariables = extractEnvironmentVariables(appDefinition);
+
+    // Try to use the env-validator if available
+    try {
+        const { validateEnvironmentVariables } = require('@friggframework/devtools/infrastructure/env-validator');
+        const validation = validateEnvironmentVariables(appDefinition);
+
+        handleValidationWarnings(validation, options);
+        return buildFilteredEnvironment(appDefinedVariables);
+
+    } catch (validatorError) {
+        // Validator not available, do basic validation
+        const missingVariables = appDefinedVariables.filter((variable) => !process.env[variable]);
+        
+        if (missingVariables.length > 0) {
+            console.warn(`⚠️  Warning: Missing ${missingVariables.length} environment variables: ${missingVariables.join(', ')}`);
+            console.warn('   These variables are optional and deployment will continue');
+            console.warn('   Set them in your CI/CD environment or .env file if needed');
+        }
+
+        return buildFilteredEnvironment(appDefinedVariables);
+    }
+}
+
+/**
+ * Executes the serverless deployment command
+ * @param {Object} environment - Environment variables to pass to serverless
+ * @param {Object} options - Deploy command options
+ */
+function executeServerlessDeployment(environment, options) {
+    console.log('🚀 Deploying serverless application...');
+    
     const serverlessArgs = [
         'deploy',
         '--config',
-        infrastructurePath,
+        PATHS.INFRASTRUCTURE,
         '--stage',
         options.stage,
     ];
 
-    const childProcess = spawn(command, serverlessArgs, {
-        cwd: backendPath,
+    const childProcess = spawn(COMMANDS.SERVERLESS, serverlessArgs, {
+        cwd: path.resolve(process.cwd()),
         stdio: 'inherit',
-        env: { ...process.env },
+        env: environment,
     });
 
     childProcess.on('error', (error) => {
@@ -34,4 +163,13 @@ async function deployCommand(options) {
     });
 }
 
+async function deployCommand(options) {
+    console.log('Deploying the serverless application...');
+
+    const appDefinition = loadAppDefinition();
+    const environment = validateAndBuildEnvironment(appDefinition, options);
+    
+    executeServerlessDeployment(environment, options);
+}
+
 module.exports = { deployCommand };

package/infrastructure/env-validator.js

@@ -0,0 +1,77 @@
+/**
+ * Environment variable validator for Frigg applications
+ * Validates that required environment variables are present based on appDefinition
+ */
+
+/**
+ * Validate environment variables against appDefinition
+ * @param {Object} AppDefinition - Application definition with environment config
+ * @returns {Object} Validation results with valid, missing, and warnings arrays
+ */
+const validateEnvironmentVariables = (AppDefinition) => {
+    const results = {
+        valid: [],
+        missing: [],
+        warnings: [],
+    };
+
+    if (!AppDefinition.environment) {
+        return results;
+    }
+
+    console.log('🔍 Validating environment variables...');
+
+    for (const [key, value] of Object.entries(AppDefinition.environment)) {
+        if (value === true) {
+            if (process.env[key]) {
+                results.valid.push(key);
+            } else {
+                results.missing.push(key);
+            }
+        }
+    }
+
+    // Special handling for certain variables
+    if (results.missing.includes('NODE_ENV')) {
+        results.warnings.push('NODE_ENV not set, defaulting to "production"');
+        // Remove from missing since it has a default
+        results.missing = results.missing.filter((v) => v !== 'NODE_ENV');
+    }
+
+    // Report results
+    if (results.valid.length > 0) {
+        console.log(
+            `   ✅ Valid: ${results.valid.length} environment variables found`
+        );
+    }
+
+    if (results.missing.length > 0) {
+        console.log(`   ⚠️  Missing: ${results.missing.join(', ')}`);
+        results.warnings.push(
+            `Missing ${results.missing.length} environment variables. These should be set in your CI/CD environment or .env file`
+        );
+    }
+
+    if (results.warnings.length > 0) {
+        results.warnings.forEach((warning) => {
+            console.log(`   ⚠️  ${warning}`);
+        });
+    }
+
+    return results;
+};
+
+/**
+ * Check if all required environment variables are present
+ * @param {Object} AppDefinition - Application definition
+ * @returns {boolean} True if all required variables are present
+ */
+const hasAllRequiredEnvVars = (AppDefinition) => {
+    const results = validateEnvironmentVariables(AppDefinition);
+    return results.missing.length === 0;
+};
+
+module.exports = {
+    validateEnvironmentVariables,
+    hasAllRequiredEnvVars,
+};

package/infrastructure/iam-generator.js

@@ -180,6 +180,114 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
     };
 
     // Add Core Deployment Policy (always needed)
+    const coreActions = [
+        // CloudFormation permissions
+        'cloudformation:CreateStack',
+        'cloudformation:UpdateStack',
+        'cloudformation:DeleteStack',
+        'cloudformation:DescribeStacks',
+        'cloudformation:DescribeStackEvents',
+        'cloudformation:DescribeStackResources',
+        'cloudformation:DescribeStackResource',
+        'cloudformation:ListStackResources',
+        'cloudformation:GetTemplate',
+        'cloudformation:DescribeChangeSet',
+        'cloudformation:CreateChangeSet',
+        'cloudformation:DeleteChangeSet',
+        'cloudformation:ExecuteChangeSet',
+        'cloudformation:ValidateTemplate',
+
+        // Lambda permissions
+        'lambda:CreateFunction',
+        'lambda:UpdateFunctionCode',
+        'lambda:UpdateFunctionConfiguration',
+        'lambda:DeleteFunction',
+        'lambda:GetFunction',
+        'lambda:ListFunctions',
+        'lambda:PublishVersion',
+        'lambda:CreateAlias',
+        'lambda:UpdateAlias',
+        'lambda:DeleteAlias',
+        'lambda:GetAlias',
+        'lambda:AddPermission',
+        'lambda:RemovePermission',
+        'lambda:GetPolicy',
+        'lambda:PutProvisionedConcurrencyConfig',
+        'lambda:DeleteProvisionedConcurrencyConfig',
+        'lambda:PutConcurrency',
+        'lambda:DeleteConcurrency',
+        'lambda:TagResource',
+        'lambda:UntagResource',
+        'lambda:ListVersionsByFunction',
+
+        // IAM permissions
+        'iam:CreateRole',
+        'iam:DeleteRole',
+        'iam:GetRole',
+        'iam:PassRole',
+        'iam:PutRolePolicy',
+        'iam:DeleteRolePolicy',
+        'iam:GetRolePolicy',
+        'iam:AttachRolePolicy',
+        'iam:DetachRolePolicy',
+        'iam:TagRole',
+        'iam:UntagRole',
+        'iam:ListPolicyVersions',
+
+        // S3 permissions
+        's3:CreateBucket',
+        's3:PutObject',
+        's3:GetObject',
+        's3:DeleteObject',
+        's3:PutBucketPolicy',
+        's3:PutBucketVersioning',
+        's3:PutBucketPublicAccessBlock',
+        's3:GetBucketLocation',
+        's3:ListBucket',
+
+        // SQS permissions
+        'sqs:CreateQueue',
+        'sqs:DeleteQueue',
+        'sqs:GetQueueAttributes',
+        'sqs:SetQueueAttributes',
+        'sqs:GetQueueUrl',
+        'sqs:TagQueue',
+        'sqs:UntagQueue',
+
+        // SNS permissions
+        'sns:CreateTopic',
+        'sns:DeleteTopic',
+        'sns:GetTopicAttributes',
+        'sns:SetTopicAttributes',
+        'sns:Subscribe',
+        'sns:Unsubscribe',
+        'sns:ListSubscriptionsByTopic',
+        'sns:TagResource',
+        'sns:UntagResource',
+
+        // CloudWatch and Logs permissions
+        'cloudwatch:PutMetricAlarm',
+        'cloudwatch:DeleteAlarms',
+        'cloudwatch:DescribeAlarms',
+        'logs:CreateLogGroup',
+        'logs:CreateLogStream',
+        'logs:DeleteLogGroup',
+        'logs:DescribeLogGroups',
+        'logs:DescribeLogStreams',
+        'logs:FilterLogEvents',
+        'logs:PutLogEvents',
+        'logs:PutRetentionPolicy',
+
+        // API Gateway permissions
+        'apigateway:POST',
+        'apigateway:PUT',
+        'apigateway:DELETE',
+        'apigateway:GET',
+        'apigateway:PATCH',
+        'apigateway:TagResource',
+        'apigateway:UntagResource',
+    ];
+
     const coreStatements = [
         {
             Sid: 'CloudFormationFriggStacks',
@@ -374,6 +482,8 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'apigateway:DELETE',
                 'apigateway:GET',
                 'apigateway:PATCH',
+                'apigateway:TagResource',
+                'apigateway:UntagResource',
             ],
             Resource: [
                 'arn:aws:apigateway:*::/restapis',
@@ -397,8 +507,6 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'arn:aws:apigateway:*::/apis/*',
                 'arn:aws:apigateway:*::/apis/*/stages',
                 'arn:aws:apigateway:*::/apis/*/stages/*',
-                'arn:aws:apigateway:*::/apis/*/mappings',
-                'arn:aws:apigateway:*::/apis/*/mappings/*',
                 'arn:aws:apigateway:*::/domainnames',
                 'arn:aws:apigateway:*::/domainnames/*',
                 'arn:aws:apigateway:*::/domainnames/*/apimappings',

package/infrastructure/iam-policy-basic.json

@@ -199,13 +199,17 @@
         "apigateway:PUT",
         "apigateway:DELETE",
         "apigateway:GET",
-        "apigateway:PATCH"
+        "apigateway:PATCH",
+        "apigateway:TagResource",
+        "apigateway:UntagResource"
       ],
       "Resource": [
         "arn:aws:apigateway:*::/restapis",
         "arn:aws:apigateway:*::/restapis/*",
         "arn:aws:apigateway:*::/apis",
         "arn:aws:apigateway:*::/apis/*",
+        "arn:aws:apigateway:*::/apis/*/stages",
+        "arn:aws:apigateway:*::/apis/*/stages/*",
         "arn:aws:apigateway:*::/domainnames",
         "arn:aws:apigateway:*::/domainnames/*"
       ]

package/infrastructure/iam-policy-full.json

@@ -199,13 +199,17 @@
         "apigateway:PUT",
         "apigateway:DELETE",
         "apigateway:GET",
-        "apigateway:PATCH"
+        "apigateway:PATCH",
+        "apigateway:TagResource",
+        "apigateway:UntagResource"
       ],
       "Resource": [
         "arn:aws:apigateway:*::/restapis",
         "arn:aws:apigateway:*::/restapis/*",
         "arn:aws:apigateway:*::/apis",
         "arn:aws:apigateway:*::/apis/*",
+        "arn:aws:apigateway:*::/apis/*/stages",
+        "arn:aws:apigateway:*::/apis/*/stages/*",
         "arn:aws:apigateway:*::/domainnames",
         "arn:aws:apigateway:*::/domainnames/*"
       ]

package/infrastructure/serverless-template.js

@@ -16,6 +16,68 @@ const shouldRunDiscovery = (AppDefinition) => {
     );
 };
 
+/**
+ * Extract environment variables from AppDefinition
+ * @param {Object} AppDefinition - Application definition
+ * @returns {Object} Environment variables to set in serverless
+ */
+const getAppEnvironmentVars = (AppDefinition) => {
+    const envVars = {};
+
+    // AWS Lambda reserved environment variables that cannot be set (from official AWS docs)
+    const reservedVars = new Set([
+        '_HANDLER',
+        '_X_AMZN_TRACE_ID',
+        'AWS_DEFAULT_REGION',
+        'AWS_EXECUTION_ENV',
+        'AWS_REGION',
+        'AWS_LAMBDA_FUNCTION_NAME',
+        'AWS_LAMBDA_FUNCTION_MEMORY_SIZE',
+        'AWS_LAMBDA_FUNCTION_VERSION',
+        'AWS_LAMBDA_INITIALIZATION_TYPE',
+        'AWS_LAMBDA_LOG_GROUP_NAME',
+        'AWS_LAMBDA_LOG_STREAM_NAME',
+        'AWS_ACCESS_KEY',
+        'AWS_ACCESS_KEY_ID',
+        'AWS_SECRET_ACCESS_KEY',
+        'AWS_SESSION_TOKEN',
+    ]);
+
+    if (AppDefinition.environment) {
+        console.log('📋 Loading environment variables from appDefinition...');
+        const envKeys = [];
+        const skippedKeys = [];
+
+        for (const [key, value] of Object.entries(AppDefinition.environment)) {
+            if (value === true) {
+                if (reservedVars.has(key)) {
+                    skippedKeys.push(key);
+                } else {
+                    envVars[key] = `\${env:${key}, ''}`;
+                    envKeys.push(key);
+                }
+            }
+        }
+
+        if (envKeys.length > 0) {
+            console.log(
+                `   Found ${
+                    envKeys.length
+                } environment variables: ${envKeys.join(', ')}`
+            );
+        }
+        if (skippedKeys.length > 0) {
+            console.log(
+                `   ⚠️  Skipped ${
+                    skippedKeys.length
+                } reserved AWS Lambda variables: ${skippedKeys.join(', ')}`
+            );
+        }
+    }
+
+    return envVars;
+};
+
 /**
  * Find the actual path to node_modules directory
  * Tries multiple methods to locate node_modules:
@@ -555,17 +617,8 @@ const composeServerlessDefinition = async (AppDefinition) => {
         }
     }
 
-    // Debug: log keys of env vars available during deploy (to verify GA -> Serverless pass-through)
-    try {
-        const envKeys = Object.keys(process.env || {}).sort();
-        console.log(
-            'Frigg deploy env keys (sample):',
-            envKeys.slice(0, 30),
-            `... total=${envKeys.length}`
-        );
-    } catch (e) {
-        console.log('Frigg deploy env keys: <unavailable>', e?.message);
-    }
+    // Get environment variables from appDefinition
+    const appEnvironmentVars = getAppEnvironmentVars(AppDefinition);
 
     const definition = {
         frameworkVersion: '>=3.17.0',
@@ -588,18 +641,8 @@ const composeServerlessDefinition = async (AppDefinition) => {
             environment: {
                 STAGE: '${opt:stage, "dev"}',
                 AWS_NODEJS_CONNECTION_REUSE_ENABLED: 1,
-                // Pass through FRIGG__ prefixed variables (stripping the prefix)
-                // This avoids CloudFormation validation errors from system variables
-                ...Object.fromEntries(
-                    Object.entries(process.env)
-                        .filter(([key]) => key.startsWith('FRIGG__'))
-                        .map(([key, value]) => [
-                            key.replace('FRIGG__', ''),
-                            value,
-                        ])
-                ),
-                // Also include essential non-prefixed variables
-                ...(process.env.NODE_ENV && { NODE_ENV: process.env.NODE_ENV }),
+                // Add environment variables from appDefinition
+                ...appEnvironmentVars,
                 // Add discovered resources to environment if available
                 ...(discoveredResources.defaultVpcId && {
                     AWS_DISCOVERY_VPC_ID: discoveredResources.defaultVpcId,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0-next.35",
+  "version": "2.0.0-next.36",
   "dependencies": {
     "@aws-sdk/client-ec2": "^3.835.0",
     "@aws-sdk/client-kms": "^3.835.0",
@@ -9,8 +9,8 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/schemas": "2.0.0-next.35",
-    "@friggframework/test": "2.0.0-next.35",
+    "@friggframework/schemas": "2.0.0-next.36",
+    "@friggframework/test": "2.0.0-next.36",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -32,8 +32,8 @@
     "serverless-http": "^2.7.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0-next.35",
-    "@friggframework/prettier-config": "2.0.0-next.35",
+    "@friggframework/eslint-config": "2.0.0-next.36",
+    "@friggframework/prettier-config": "2.0.0-next.36",
     "prettier": "^2.7.1",
     "serverless": "3.39.0",
     "serverless-dotenv-plugin": "^6.0.0",
@@ -65,5 +65,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "2b5b01f23819faad6b2780f1aaabbd9bfb52fe4a"
+  "gitHead": "6cca53cb3091d6bd11ae37f6c459679f1b5b19a6"
 }