npm - @friggframework/devtools - Versions diffs - 2.0.0-next.45 → 2.0.0-next.47 - Mend

@friggframework/devtools 2.0.0-next.45 → 2.0.0-next.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/infrastructure/domains/health/domain/services/logical-id-mapper.js ADDED Viewed

@@ -0,0 +1,345 @@
+/**
+ * LogicalIdMapper - Map orphaned resources to their logical IDs in templates
+ *
+ * Purpose: Analyze orphaned resources and match them to the correct logical IDs
+ * from CloudFormation templates using tags, containment analysis, and template comparison.
+ */
+const {
+  EC2Client,
+  DescribeSubnetsCommand,
+  DescribeSecurityGroupsCommand,
+} = require('@aws-sdk/client-ec2');
+class LogicalIdMapper {
+  constructor({ region = 'us-east-1' } = {}) {
+    this.ec2Client = new EC2Client({ region });
+  }
+  /**
+   * Map orphaned resources to their logical IDs in template
+   * @param {object} params - Mapping parameters
+   * @param {Array} params.orphanedResources - Orphaned resources to map
+   * @param {object} params.buildTemplate - Build template with logical IDs
+   * @param {object} params.deployedTemplate - Deployed template with hardcoded IDs
+   * @returns {Promise<Array>} Mappings with logical IDs
+   */
+  async mapOrphanedResourcesToLogicalIds({
+    orphanedResources,
+    buildTemplate,
+    deployedTemplate,
+  }) {
+    const mappings = [];
+    for (const orphan of orphanedResources) {
+      // Strategy 1: Check CloudFormation tags for logical ID
+      // Tags are stored in orphan.properties.tags (Resource entity structure)
+      const tags = orphan.properties?.tags || orphan.tags; // Support both formats
+      const logicalIdFromTag = this._getLogicalIdFromTags(tags);
+      if (logicalIdFromTag) {
+        mappings.push({
+          logicalId: logicalIdFromTag,
+          physicalId: orphan.physicalId,
+          resourceType: orphan.resourceType,
+          matchMethod: 'tag',
+          confidence: 'high',
+        });
+        continue;
+      }
+      // Strategy 2: Match by template comparison
+      if (orphan.resourceType === 'AWS::EC2::VPC') {
+        const logicalId = await this._matchVpcByContainedResources(
+          orphan,
+          buildTemplate,
+          deployedTemplate
+        );
+        if (logicalId) {
+          mappings.push({
+            logicalId,
+            physicalId: orphan.physicalId,
+            resourceType: orphan.resourceType,
+            matchMethod: 'contained-resources',
+            confidence: 'high',
+          });
+          continue;
+        }
+      }
+      if (orphan.resourceType === 'AWS::EC2::Subnet') {
+        const logicalId = await this._matchSubnetByVpcAndUsage(
+          orphan,
+          buildTemplate,
+          deployedTemplate
+        );
+        if (logicalId) {
+          mappings.push({
+            logicalId,
+            physicalId: orphan.physicalId,
+            resourceType: orphan.resourceType,
+            matchMethod: 'vpc-usage',
+            confidence: 'high',
+          });
+          continue;
+        }
+      }
+      if (orphan.resourceType === 'AWS::EC2::SecurityGroup') {
+        const logicalId = await this._matchSecurityGroupByUsage(
+          orphan,
+          buildTemplate,
+          deployedTemplate
+        );
+        if (logicalId) {
+          mappings.push({
+            logicalId,
+            physicalId: orphan.physicalId,
+            resourceType: orphan.resourceType,
+            matchMethod: 'usage',
+            confidence: 'medium',
+          });
+          continue;
+        }
+      }
+      // No match found - mark as unmapped
+      mappings.push({
+        logicalId: null,
+        physicalId: orphan.physicalId,
+        resourceType: orphan.resourceType,
+        matchMethod: 'none',
+        confidence: 'none',
+      });
+    }
+    return mappings;
+  }
+  /**
+   * Extract logical ID from CloudFormation tags
+   * Supports both formats:
+   * - AWS array format: [{Key: 'aws:cloudformation:logical-id', Value: 'FriggVPC'}]
+   * - Parsed object format: {'aws:cloudformation:logical-id': 'FriggVPC'}
+   * @private
+   */
+  _getLogicalIdFromTags(tags) {
+    if (!tags) return null;
+    // Handle AWS array format [{Key, Value}]
+    if (Array.isArray(tags)) {
+      const logicalIdTag = tags.find(
+        (t) => t.Key === 'aws:cloudformation:logical-id'
+      );
+      return logicalIdTag ? logicalIdTag.Value : null;
+    }
+    // Handle parsed object format {key: value}
+    if (typeof tags === 'object') {
+      return tags['aws:cloudformation:logical-id'] || null;
+    }
+    return null;
+  }
+  /**
+   * Match VPC by checking if it contains expected subnets from template
+   * @private
+   */
+  async _matchVpcByContainedResources(
+    vpc,
+    buildTemplate,
+    deployedTemplate
+  ) {
+    // Get expected subnet IDs from deployed template
+    const expectedSubnetIds = this._extractSubnetIdsFromTemplate(
+      deployedTemplate
+    );
+    if (expectedSubnetIds.length === 0) {
+      return null;
+    }
+    // Get actual subnets in this VPC
+    const actualSubnets = await this._getSubnetsInVpc(vpc.physicalId);
+    // Check if this VPC contains ALL expected subnets
+    const containsExpectedSubnets = expectedSubnetIds.every((expectedId) =>
+      actualSubnets.some((subnet) => subnet.SubnetId === expectedId)
+    );
+    if (containsExpectedSubnets) {
+      // Find VPC logical ID in build template
+      return this._findVpcLogicalIdInTemplate(buildTemplate);
+    }
+    return null;
+  }
+  /**
+   * Match subnet by VPC ownership and usage in Lambda functions
+   * @private
+   */
+  async _matchSubnetByVpcAndUsage(subnet, buildTemplate, deployedTemplate) {
+    // Extract subnet IDs from deployed template Lambda VPC configs
+    const templateSubnetIds = this._extractSubnetIdsFromTemplate(
+      deployedTemplate
+    );
+    // Check if this subnet is referenced in deployed template
+    if (!templateSubnetIds.includes(subnet.physicalId)) {
+      return null;
+    }
+    // Find the position of this subnet in the template's subnet list
+    const subnetIndex = templateSubnetIds.indexOf(subnet.physicalId);
+    // Extract subnet Refs from build template
+    const subnetRefs = this._extractSubnetRefsFromTemplate(buildTemplate);
+    // Return the corresponding logical ID based on position
+    return subnetRefs[subnetIndex] || null;
+  }
+  /**
+   * Match security group by usage in Lambda functions
+   * @private
+   */
+  async _matchSecurityGroupByUsage(sg, buildTemplate, deployedTemplate) {
+    // Extract security group IDs from deployed template
+    const templateSgIds = this._extractSecurityGroupIdsFromTemplate(
+      deployedTemplate
+    );
+    // Check if this SG is referenced in deployed template
+    if (!templateSgIds.includes(sg.physicalId)) {
+      return null;
+    }
+    // Find logical ID in build template
+    const sgRefs = this._extractSecurityGroupRefsFromTemplate(buildTemplate);
+    return sgRefs[0] || null; // Usually just one Lambda SG
+  }
+  /**
+   * Get subnets in a VPC from AWS
+   * @private
+   */
+  async _getSubnetsInVpc(vpcId) {
+    const response = await this.ec2Client.send(
+      new DescribeSubnetsCommand({
+        Filters: [{ Name: 'vpc-id', Values: [vpcId] }],
+      })
+    );
+    return response.Subnets || [];
+  }
+  /**
+   * Extract subnet IDs from deployed template (hardcoded values)
+   * @private
+   */
+  _extractSubnetIdsFromTemplate(template) {
+    const subnetIds = new Set();
+    // Traverse Lambda VpcConfig sections
+    Object.values(template.resources || {}).forEach((resource) => {
+      if (
+        resource.Type === 'AWS::Lambda::Function' &&
+        resource.Properties?.VpcConfig?.SubnetIds
+      ) {
+        resource.Properties.VpcConfig.SubnetIds.forEach((id) => {
+          if (typeof id === 'string' && id.startsWith('subnet-')) {
+            subnetIds.add(id);
+          }
+        });
+      }
+    });
+    return Array.from(subnetIds);
+  }
+  /**
+   * Extract security group IDs from deployed template (hardcoded values)
+   * @private
+   */
+  _extractSecurityGroupIdsFromTemplate(template) {
+    const sgIds = new Set();
+    Object.values(template.resources || {}).forEach((resource) => {
+      if (
+        resource.Type === 'AWS::Lambda::Function' &&
+        resource.Properties?.VpcConfig?.SecurityGroupIds
+      ) {
+        resource.Properties.VpcConfig.SecurityGroupIds.forEach((id) => {
+          if (typeof id === 'string' && id.startsWith('sg-')) {
+            sgIds.add(id);
+          }
+        });
+      }
+    });
+    return Array.from(sgIds);
+  }
+  /**
+   * Extract subnet Refs from build template
+   * @private
+   */
+  _extractSubnetRefsFromTemplate(template) {
+    const subnetRefs = [];
+    // Find Lambda functions and extract SubnetIds Refs
+    Object.values(template.resources || {}).forEach((resource) => {
+      if (
+        resource.Type === 'AWS::Lambda::Function' &&
+        resource.Properties?.VpcConfig?.SubnetIds
+      ) {
+        resource.Properties.VpcConfig.SubnetIds.forEach((ref) => {
+          if (ref.Ref && ref.Ref.includes('Subnet')) {
+            subnetRefs.push(ref.Ref);
+          }
+        });
+      }
+    });
+    return subnetRefs;
+  }
+  /**
+   * Extract security group Refs from build template
+   * @private
+   */
+  _extractSecurityGroupRefsFromTemplate(template) {
+    const sgRefs = [];
+    Object.values(template.resources || {}).forEach((resource) => {
+      if (
+        resource.Type === 'AWS::Lambda::Function' &&
+        resource.Properties?.VpcConfig?.SecurityGroupIds
+      ) {
+        resource.Properties.VpcConfig.SecurityGroupIds.forEach((ref) => {
+          if (ref.Ref && ref.Ref.includes('SecurityGroup')) {
+            sgRefs.push(ref.Ref);
+          }
+        });
+      }
+    });
+    return sgRefs;
+  }
+  /**
+   * Find VPC logical ID in build template
+   * @private
+   */
+  _findVpcLogicalIdInTemplate(template) {
+    const vpcResources = Object.entries(template.resources || {}).filter(
+      ([_, resource]) => resource.Type === 'AWS::EC2::VPC'
+    );
+    // Return first VPC logical ID (usually only one)
+    return vpcResources.length > 0 ? vpcResources[0][0] : null;
+  }
+}
+module.exports = { LogicalIdMapper };

package/infrastructure/domains/health/domain/services/mismatch-analyzer.js ADDED Viewed

@@ -0,0 +1,234 @@
+/**
+ * MismatchAnalyzer Domain Service
+ *
+ * Analyzes differences between expected (CloudFormation template) and actual
+ * (cloud resource) property values to detect drift.
+ *
+ * Features:
+ * - Deep object comparison
+ * - Array comparison (order-sensitive)
+ * - Primitive value comparison
+ * - Type mismatch detection
+ * - Property mutability tracking
+ * - Ignore specific properties
+ * - Nested property path tracking
+ */
+const PropertyMismatch = require('../entities/property-mismatch');
+const PropertyMutability = require('../value-objects/property-mutability');
+class MismatchAnalyzer {
+    /**
+     * Analyze differences between expected and actual property values
+     *
+     * @param {Object} params
+     * @param {Object} params.expected - Expected properties from CloudFormation template
+     * @param {Object} params.actual - Actual properties from cloud resource
+     * @param {Object} params.propertyMutability - Map of property paths to PropertyMutability instances
+     * @param {string[]} [params.ignoreProperties=[]] - Property paths to ignore
+     * @returns {PropertyMismatch[]} Array of detected mismatches
+     */
+    analyze({ expected, actual, propertyMutability, ignoreProperties = [] }) {
+        const mismatches = [];
+        // Recursively compare objects
+        this._compareObjects({
+            expected,
+            actual,
+            propertyMutability,
+            ignoreProperties,
+            currentPath: '',
+            mismatches,
+        });
+        return mismatches;
+    }
+    /**
+     * Recursively compare two objects
+     *
+     * @private
+     */
+    _compareObjects({
+        expected,
+        actual,
+        propertyMutability,
+        ignoreProperties,
+        currentPath,
+        mismatches,
+    }) {
+        // Get all unique property keys from both objects
+        const allKeys = new Set([
+            ...Object.keys(expected || {}),
+            ...Object.keys(actual || {}),
+        ]);
+        for (const key of allKeys) {
+            const propertyPath = currentPath ? `${currentPath}.${key}` : key;
+            // Skip ignored properties
+            if (ignoreProperties.includes(propertyPath)) {
+                continue;
+            }
+            const expectedValue = expected?.[key];
+            const actualValue = actual?.[key];
+            // Check if values are different
+            if (!this._areValuesEqual(expectedValue, actualValue)) {
+                // Check if both are objects (and not arrays or null)
+                if (
+                    this._isPlainObject(expectedValue) &&
+                    this._isPlainObject(actualValue)
+                ) {
+                    // Recursively compare nested objects
+                    this._compareObjects({
+                        expected: expectedValue,
+                        actual: actualValue,
+                        propertyMutability,
+                        ignoreProperties,
+                        currentPath: propertyPath,
+                        mismatches,
+                    });
+                } else {
+                    // Create a mismatch for this property
+                    const mutability =
+                        propertyMutability[propertyPath] || PropertyMutability.MUTABLE;
+                    const mismatch = new PropertyMismatch({
+                        propertyPath,
+                        expectedValue,
+                        actualValue,
+                        mutability,
+                    });
+                    mismatches.push(mismatch);
+                }
+            }
+        }
+    }
+    /**
+     * Check if two values are equal
+     *
+     * @private
+     * @param {*} value1
+     * @param {*} value2
+     * @returns {boolean}
+     */
+    _areValuesEqual(value1, value2) {
+        // Handle null/undefined equivalence
+        if (this._isNullish(value1) && this._isNullish(value2)) {
+            return true;
+        }
+        // Handle different types
+        if (typeof value1 !== typeof value2) {
+            return false;
+        }
+        // Handle primitives
+        if (
+            typeof value1 === 'string' ||
+            typeof value1 === 'number' ||
+            typeof value1 === 'boolean'
+        ) {
+            return value1 === value2;
+        }
+        // Handle arrays
+        if (Array.isArray(value1) && Array.isArray(value2)) {
+            return this._areArraysEqual(value1, value2);
+        }
+        // Handle plain objects
+        if (this._isPlainObject(value1) && this._isPlainObject(value2)) {
+            return this._areObjectsEqual(value1, value2);
+        }
+        // Handle dates
+        if (value1 instanceof Date && value2 instanceof Date) {
+            return value1.getTime() === value2.getTime();
+        }
+        // Fallback: strict equality
+        return value1 === value2;
+    }
+    /**
+     * Check if value is null or undefined
+     *
+     * @private
+     * @param {*} value
+     * @returns {boolean}
+     */
+    _isNullish(value) {
+        return value === null || value === undefined;
+    }
+    /**
+     * Check if value is a plain object (not array, not null, not Date, etc.)
+     *
+     * @private
+     * @param {*} value
+     * @returns {boolean}
+     */
+    _isPlainObject(value) {
+        return (
+            typeof value === 'object' &&
+            value !== null &&
+            !Array.isArray(value) &&
+            !(value instanceof Date) &&
+            Object.getPrototypeOf(value) === Object.prototype
+        );
+    }
+    /**
+     * Deep equality check for arrays (order-sensitive)
+     *
+     * @private
+     * @param {Array} arr1
+     * @param {Array} arr2
+     * @returns {boolean}
+     */
+    _areArraysEqual(arr1, arr2) {
+        if (arr1.length !== arr2.length) {
+            return false;
+        }
+        for (let i = 0; i < arr1.length; i++) {
+            if (!this._areValuesEqual(arr1[i], arr2[i])) {
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Deep equality check for plain objects
+     *
+     * @private
+     * @param {Object} obj1
+     * @param {Object} obj2
+     * @returns {boolean}
+     */
+    _areObjectsEqual(obj1, obj2) {
+        const keys1 = Object.keys(obj1);
+        const keys2 = Object.keys(obj2);
+        if (keys1.length !== keys2.length) {
+            return false;
+        }
+        for (const key of keys1) {
+            if (!this._areValuesEqual(obj1[key], obj2[key])) {
+                return false;
+            }
+        }
+        return true;
+    }
+}
+module.exports = MismatchAnalyzer;