alchemy-effect 0.3.0 → 0.4.0

package/src/aws/dynamodb/table.provider.ts

@@ -120,6 +120,7 @@ export const tableProvider = (): Layer.Layer<
           );
 
       return {
+        stables: ["tableName", "tableId", "tableArn"],
         diff: Effect.fn(function* ({ news, olds }) {
           if (
             // TODO(sam): if the name is hard-coded, REPLACE is impossible - we need a suffix

package/src/aws/ec2/index.ts

@@ -1,4 +1,12 @@
 export * from "./client.ts";
+export * from "./internet-gateway.provider.ts";
+export * from "./internet-gateway.ts";
+export * from "./route-table-association.provider.ts";
+export * from "./route-table-association.ts";
+export * from "./route-table.provider.ts";
+export * from "./route-table.ts";
+export * from "./route.provider.ts";
+export * from "./route.ts";
 export * from "./subnet.provider.ts";
 export * from "./subnet.ts";
 export * from "./vpc.provider.ts";

package/src/aws/ec2/internet-gateway.provider.ts

@@ -0,0 +1,316 @@
+import * as Effect from "effect/Effect";
+import * as Schedule from "effect/Schedule";
+
+import type { EC2 } from "itty-aws/ec2";
+
+import type { ScopedPlanStatusSession } from "../../cli/service.ts";
+import type { ProviderService } from "../../provider.ts";
+import { createTagger, createTagsList } from "../../tags.ts";
+import { Account } from "../account.ts";
+import { Region } from "../region.ts";
+import { EC2Client } from "./client.ts";
+import {
+  InternetGateway,
+  type InternetGatewayAttrs,
+  type InternetGatewayId,
+  type InternetGatewayProps,
+} from "./internet-gateway.ts";
+
+export const internetGatewayProvider = () =>
+  InternetGateway.provider.effect(
+    Effect.gen(function* () {
+      const ec2 = yield* EC2Client;
+      const region = yield* Region;
+      const accountId = yield* Account;
+      const tagged = yield* createTagger();
+
+      return {
+        stables: ["internetGatewayId", "internetGatewayArn", "ownerId"],
+        diff: Effect.fn(function* ({ news, olds }) {
+          // VPC attachment change can be handled via attach/detach (update)
+          // No properties require replacement
+        }),
+
+        create: Effect.fn(function* ({ id, news, session }) {
+          // 1. Prepare tags
+          const alchemyTags = tagged(id);
+          const userTags = news.tags ?? {};
+          const allTags = { ...alchemyTags, ...userTags };
+
+          // 2. Call CreateInternetGateway
+          const createResult = yield* ec2.createInternetGateway({
+            TagSpecifications: [
+              {
+                ResourceType: "internet-gateway",
+                Tags: createTagsList(allTags),
+              },
+            ],
+            DryRun: false,
+          });
+
+          const internetGatewayId = createResult.InternetGateway!
+            .InternetGatewayId! as InternetGatewayId;
+          yield* session.note(`Internet gateway created: ${internetGatewayId}`);
+
+          // 3. Attach to VPC if specified
+          if (news.vpcId) {
+            yield* ec2
+              .attachInternetGateway({
+                InternetGatewayId: internetGatewayId,
+                VpcId: news.vpcId,
+              })
+              .pipe(
+                Effect.retry({
+                  // Retry if VPC is not yet available
+                  while: (e) => e._tag === "InvalidVpcID.NotFound",
+                  schedule: Schedule.exponential(100),
+                }),
+              );
+            yield* session.note(`Attached to VPC: ${news.vpcId}`);
+          }
+
+          // 4. Describe to get full details
+          const igw = yield* describeInternetGateway(
+            ec2,
+            internetGatewayId,
+            session,
+          );
+
+          // 5. Return attributes
+          return {
+            internetGatewayId,
+            internetGatewayArn:
+              `arn:aws:ec2:${region}:${accountId}:internet-gateway/${internetGatewayId}` as InternetGatewayAttrs<InternetGatewayProps>["internetGatewayArn"],
+            vpcId: news.vpcId,
+            ownerId: igw.OwnerId,
+            attachments: igw.Attachments?.map((a) => ({
+              state: a.State! as
+                | "attaching"
+                | "available"
+                | "detaching"
+                | "detached",
+              vpcId: a.VpcId!,
+            })),
+          } satisfies InternetGatewayAttrs<InternetGatewayProps>;
+        }),
+
+        update: Effect.fn(function* ({ news, olds, output, session }) {
+          const internetGatewayId = output.internetGatewayId;
+
+          // Handle VPC attachment changes
+          if (news.vpcId !== olds.vpcId) {
+            // Detach from old VPC if was attached
+            if (olds.vpcId) {
+              yield* ec2
+                .detachInternetGateway({
+                  InternetGatewayId: internetGatewayId,
+                  VpcId: olds.vpcId,
+                })
+                .pipe(
+                  Effect.catchTag("Gateway.NotAttached", () => Effect.void),
+                );
+              yield* session.note(`Detached from VPC: ${olds.vpcId}`);
+            }
+
+            // Attach to new VPC if specified
+            if (news.vpcId) {
+              yield* ec2
+                .attachInternetGateway({
+                  InternetGatewayId: internetGatewayId,
+                  VpcId: news.vpcId,
+                })
+                .pipe(
+                  Effect.retry({
+                    while: (e) => e._tag === "InvalidVpcID.NotFound",
+                    schedule: Schedule.exponential(100),
+                  }),
+                );
+              yield* session.note(`Attached to VPC: ${news.vpcId}`);
+            }
+          }
+
+          // Handle tag updates
+          if (
+            JSON.stringify(news.tags ?? {}) !== JSON.stringify(olds.tags ?? {})
+          ) {
+            const alchemyTags = tagged(output.internetGatewayId);
+            const userTags = news.tags ?? {};
+            const allTags = { ...alchemyTags, ...userTags };
+
+            // Delete old tags that are no longer present
+            const oldTagKeys = Object.keys(olds.tags ?? {});
+            const newTagKeys = Object.keys(news.tags ?? {});
+            const tagsToDelete = oldTagKeys.filter(
+              (key) => !newTagKeys.includes(key),
+            );
+
+            if (tagsToDelete.length > 0) {
+              yield* ec2.deleteTags({
+                Resources: [internetGatewayId],
+                Tags: tagsToDelete.map((key) => ({ Key: key })),
+              });
+            }
+
+            // Create/update tags
+            yield* ec2.createTags({
+              Resources: [internetGatewayId],
+              Tags: createTagsList(allTags),
+            });
+
+            yield* session.note("Updated tags");
+          }
+
+          // Re-describe to get current state
+          const igw = yield* describeInternetGateway(
+            ec2,
+            internetGatewayId,
+            session,
+          );
+
+          return {
+            ...output,
+            vpcId: news.vpcId,
+            attachments: igw.Attachments?.map((a) => ({
+              state: a.State! as
+                | "attaching"
+                | "available"
+                | "detaching"
+                | "detached",
+              vpcId: a.VpcId!,
+            })),
+          };
+        }),
+
+        delete: Effect.fn(function* ({ output, session }) {
+          const internetGatewayId = output.internetGatewayId;
+
+          yield* session.note(
+            `Deleting internet gateway: ${internetGatewayId}`,
+          );
+
+          // 1. Detach from all VPCs first
+          if (output.attachments && output.attachments.length > 0) {
+            for (const attachment of output.attachments) {
+              yield* ec2
+                .detachInternetGateway({
+                  InternetGatewayId: internetGatewayId,
+                  VpcId: attachment.vpcId,
+                })
+                .pipe(
+                  Effect.tapError(Effect.logDebug),
+                  Effect.catchTag("Gateway.NotAttached", () => Effect.void),
+                  Effect.catchTag(
+                    "InvalidInternetGatewayID.NotFound",
+                    () => Effect.void,
+                  ),
+                );
+              yield* session.note(`Detached from VPC: ${attachment.vpcId}`);
+            }
+          }
+
+          // 2. Delete the internet gateway
+          yield* ec2
+            .deleteInternetGateway({
+              InternetGatewayId: internetGatewayId,
+              DryRun: false,
+            })
+            .pipe(
+              Effect.tapError(Effect.logDebug),
+              Effect.catchTag(
+                "InvalidInternetGatewayID.NotFound",
+                () => Effect.void,
+              ),
+              // Retry on dependency violations
+              Effect.retry({
+                while: (e) => {
+                  return (
+                    e._tag === "DependencyViolation" ||
+                    (e._tag === "ValidationError" &&
+                      e.message?.includes("DependencyViolation"))
+                  );
+                },
+                schedule: Schedule.exponential(1000, 1.5).pipe(
+                  Schedule.intersect(Schedule.recurs(10)),
+                  Schedule.tapOutput(([, attempt]) =>
+                    session.note(
+                      `Waiting for dependencies to clear... (attempt ${attempt + 1})`,
+                    ),
+                  ),
+                ),
+              }),
+            );
+
+          // 3. Wait for internet gateway to be fully deleted
+          yield* waitForInternetGatewayDeleted(ec2, internetGatewayId, session);
+
+          yield* session.note(
+            `Internet gateway ${internetGatewayId} deleted successfully`,
+          );
+        }),
+      } satisfies ProviderService<InternetGateway>;
+    }),
+  );
+
+/**
+ * Describe an internet gateway by ID
+ */
+const describeInternetGateway = (
+  ec2: EC2,
+  internetGatewayId: string,
+  _session?: ScopedPlanStatusSession,
+) =>
+  Effect.gen(function* () {
+    const result = yield* ec2
+      .describeInternetGateways({ InternetGatewayIds: [internetGatewayId] })
+      .pipe(
+        Effect.catchTag("InvalidInternetGatewayID.NotFound", () =>
+          Effect.succeed({ InternetGateways: [] }),
+        ),
+      );
+
+    const igw = result.InternetGateways?.[0];
+    if (!igw) {
+      return yield* Effect.fail(new Error("Internet gateway not found"));
+    }
+    return igw;
+  });
+
+/**
+ * Wait for internet gateway to be deleted
+ */
+const waitForInternetGatewayDeleted = (
+  ec2: EC2,
+  internetGatewayId: string,
+  session: ScopedPlanStatusSession,
+) =>
+  Effect.gen(function* () {
+    yield* Effect.retry(
+      Effect.gen(function* () {
+        const result = yield* ec2
+          .describeInternetGateways({ InternetGatewayIds: [internetGatewayId] })
+          .pipe(
+            Effect.tapError(Effect.logDebug),
+            Effect.catchTag("InvalidInternetGatewayID.NotFound", () =>
+              Effect.succeed({ InternetGateways: [] }),
+            ),
+          );
+
+        if (!result.InternetGateways || result.InternetGateways.length === 0) {
+          return; // Successfully deleted
+        }
+
+        // Still exists, fail to trigger retry
+        return yield* Effect.fail(new Error("Internet gateway still exists"));
+      }),
+      {
+        schedule: Schedule.fixed(2000).pipe(
+          Schedule.intersect(Schedule.recurs(15)),
+          Schedule.tapOutput(([, attempt]) =>
+            session.note(
+              `Waiting for internet gateway deletion... (${(attempt + 1) * 2}s)`,
+            ),
+          ),
+        ),
+      },
+    );
+  });

package/src/aws/ec2/internet-gateway.ts

@@ -0,0 +1,79 @@
+import type { Input } from "../../input.ts";
+import { Resource } from "../../resource.ts";
+import type { AccountID } from "../account.ts";
+import type { RegionID } from "../region.ts";
+import type { VpcId } from "./vpc.ts";
+
+export const InternetGateway = Resource<{
+  <const ID extends string, const Props extends InternetGatewayProps>(
+    id: ID,
+    props: Props,
+  ): InternetGateway<ID, Props>;
+}>("AWS.EC2.InternetGateway");
+
+export interface InternetGateway<
+  ID extends string = string,
+  Props extends InternetGatewayProps = InternetGatewayProps,
+> extends Resource<
+    "AWS.EC2.InternetGateway",
+    ID,
+    Props,
+    InternetGatewayAttrs<Input.Resolve<Props>>,
+    InternetGateway
+  > {}
+
+export type InternetGatewayId<ID extends string = string> = `igw-${ID}`;
+export const InternetGatewayId = <ID extends string>(
+  id: ID,
+): ID & InternetGatewayId<ID> => `igw-${id}` as ID & InternetGatewayId<ID>;
+
+export interface InternetGatewayProps {
+  /**
+   * The VPC to attach the internet gateway to.
+   * If provided, the internet gateway will be automatically attached to the VPC.
+   * Optional - you can create an unattached internet gateway and attach it later.
+   */
+  vpcId?: Input<VpcId>;
+
+  /**
+   * Tags to assign to the internet gateway.
+   * These will be merged with alchemy auto-tags (alchemy::app, alchemy::stage, alchemy::id).
+   */
+  tags?: Record<string, Input<string>>;
+}
+
+export interface InternetGatewayAttrs<Props extends InternetGatewayProps> {
+  /**
+   * The ID of the internet gateway.
+   */
+  internetGatewayId: InternetGatewayId;
+
+  /**
+   * The Amazon Resource Name (ARN) of the internet gateway.
+   */
+  internetGatewayArn: `arn:aws:ec2:${RegionID}:${AccountID}:internet-gateway/${this["internetGatewayId"]}`;
+
+  /**
+   * The ID of the VPC the internet gateway is attached to (if any).
+   */
+  vpcId?: Props["vpcId"];
+
+  /**
+   * The ID of the AWS account that owns the internet gateway.
+   */
+  ownerId?: string;
+
+  /**
+   * The attachments for the internet gateway.
+   */
+  attachments?: Array<{
+    /**
+     * The current state of the attachment.
+     */
+    state: "attaching" | "available" | "detaching" | "detached";
+    /**
+     * The ID of the VPC.
+     */
+    vpcId: string;
+  }>;
+}

package/src/aws/ec2/route-table-association.provider.ts

@@ -0,0 +1,214 @@
+import * as Effect from "effect/Effect";
+import * as Schedule from "effect/Schedule";
+
+import type { ScopedPlanStatusSession } from "../../cli/service.ts";
+import type { ProviderService } from "../../provider.ts";
+import { EC2Client } from "./client.ts";
+import {
+  RouteTableAssociation,
+  type RouteTableAssociationAttrs,
+  type RouteTableAssociationId,
+  type RouteTableAssociationProps,
+} from "./route-table-association.ts";
+
+export const routeTableAssociationProvider = () =>
+  RouteTableAssociation.provider.effect(
+    Effect.gen(function* () {
+      const ec2 = yield* EC2Client;
+
+      return {
+        stables: ["associationId", "subnetId", "gatewayId"],
+        diff: Effect.fn(function* ({ news, olds }) {
+          // Subnet/Gateway change requires replacement (use ReplaceRouteTableAssociation internally)
+          if (olds.subnetId !== news.subnetId) {
+            return { action: "replace" };
+          }
+          if (olds.gatewayId !== news.gatewayId) {
+            return { action: "replace" };
+          }
+          // Route table change can be done via ReplaceRouteTableAssociation
+        }),
+
+        create: Effect.fn(function* ({ news, session }) {
+          // Call AssociateRouteTable
+          const result = yield* ec2
+            .associateRouteTable({
+              RouteTableId: news.routeTableId,
+              SubnetId: news.subnetId,
+              GatewayId: news.gatewayId,
+              DryRun: false,
+            })
+            .pipe(
+              Effect.retry({
+                // Retry if route table or subnet/gateway is not yet available
+                while: (e) =>
+                  e._tag === "InvalidRouteTableID.NotFound" ||
+                  e._tag === "InvalidSubnetID.NotFound",
+                schedule: Schedule.exponential(100),
+              }),
+            );
+
+          const associationId =
+            result.AssociationId! as RouteTableAssociationId;
+          yield* session.note(
+            `Route table association created: ${associationId}`,
+          );
+
+          // Wait for association to be associated
+          yield* waitForAssociationState(
+            ec2,
+            news.routeTableId,
+            associationId,
+            "associated",
+            session,
+          );
+
+          // Return attributes
+          return {
+            associationId,
+            routeTableId: news.routeTableId,
+            subnetId: news.subnetId,
+            gatewayId: news.gatewayId,
+            associationState: {
+              state: result.AssociationState?.State ?? "associated",
+              statusMessage: result.AssociationState?.StatusMessage,
+            },
+          } satisfies RouteTableAssociationAttrs<RouteTableAssociationProps>;
+        }),
+
+        update: Effect.fn(function* ({ news, olds, output, session }) {
+          // If route table changed, use ReplaceRouteTableAssociation
+          if (news.routeTableId !== olds.routeTableId) {
+            const result = yield* ec2.replaceRouteTableAssociation({
+              AssociationId: output.associationId,
+              RouteTableId: news.routeTableId,
+              DryRun: false,
+            });
+
+            const newAssociationId =
+              result.NewAssociationId! as RouteTableAssociationId;
+            yield* session.note(
+              `Route table association replaced: ${newAssociationId}`,
+            );
+
+            // Wait for new association to be associated
+            yield* waitForAssociationState(
+              ec2,
+              news.routeTableId,
+              newAssociationId,
+              "associated",
+              session,
+            );
+
+            return {
+              associationId: newAssociationId,
+              routeTableId: news.routeTableId,
+              subnetId: news.subnetId,
+              gatewayId: news.gatewayId,
+              associationState: {
+                state: result.AssociationState?.State ?? "associated",
+                statusMessage: result.AssociationState?.StatusMessage,
+              },
+            };
+          }
+
+          // No changes needed
+          return output;
+        }),
+
+        delete: Effect.fn(function* ({ output, session }) {
+          yield* session.note(
+            `Deleting route table association: ${output.associationId}`,
+          );
+
+          // Disassociate the route table
+          yield* ec2
+            .disassociateRouteTable({
+              AssociationId: output.associationId,
+              DryRun: false,
+            })
+            .pipe(
+              Effect.tapError(Effect.log),
+              Effect.catchTag(
+                "InvalidAssociationID.NotFound",
+                () => Effect.void,
+              ),
+            );
+
+          yield* session.note(
+            `Route table association ${output.associationId} deleted successfully`,
+          );
+        }),
+      } satisfies ProviderService<RouteTableAssociation>;
+    }),
+  );
+
+/**
+ * Wait for association to reach a specific state
+ */
+const waitForAssociationState = (
+  ec2: import("itty-aws/ec2").EC2,
+  routeTableId: string,
+  associationId: string,
+  targetState:
+    | "associating"
+    | "associated"
+    | "disassociating"
+    | "disassociated",
+  session?: ScopedPlanStatusSession,
+) =>
+  Effect.retry(
+    Effect.gen(function* () {
+      const result = yield* ec2
+        .describeRouteTables({ RouteTableIds: [routeTableId] })
+        .pipe(
+          Effect.catchTag("InvalidRouteTableID.NotFound", () =>
+            Effect.succeed({ RouteTables: [] }),
+          ),
+        );
+
+      const routeTable = result.RouteTables?.[0];
+      if (!routeTable) {
+        return yield* Effect.fail(new Error("Route table not found"));
+      }
+
+      const association = routeTable.Associations?.find(
+        (a) => a.RouteTableAssociationId === associationId,
+      );
+
+      if (!association) {
+        // Association might not exist yet, retry
+        return yield* Effect.fail(new Error("Association not found"));
+      }
+
+      if (association.AssociationState?.State === targetState) {
+        return;
+      }
+
+      if (association.AssociationState?.State === "failed") {
+        return yield* Effect.fail(
+          new Error(
+            `Association failed: ${association.AssociationState.StatusMessage}`,
+          ),
+        );
+      }
+
+      // Still in progress, fail to trigger retry
+      return yield* Effect.fail(
+        new Error(`Association state: ${association.AssociationState?.State}`),
+      );
+    }),
+    {
+      schedule: Schedule.fixed(1000).pipe(
+        // Check every second
+        Schedule.intersect(Schedule.recurs(30)), // Max 30 seconds
+        Schedule.tapOutput(([, attempt]) =>
+          session
+            ? session.note(
+                `Waiting for association to be ${targetState}... (${attempt + 1}s)`,
+              )
+            : Effect.void,
+        ),
+      ),
+    },
+  );