cdk-factory 0.16.15__py3-none-any.whl → 0.20.0__py3-none-any.whl

cdk_factory/stack_library/load_balancer/load_balancer_stack.py

@@ -6,6 +6,8 @@ MIT License.  See Project Root for the license information.
 
 from typing import Dict, Any, List, Optional
 
+import base64
+import hashlib
 import aws_cdk as cdk
 from aws_cdk import aws_elasticloadbalancingv2 as elbv2
 from aws_cdk import aws_ec2 as ec2
@@ -19,7 +21,8 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.load_balancer import LoadBalancerConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -30,7 +33,7 @@ logger = Logger(service="LoadBalancerStack")
 @register_stack("alb_stack")
 @register_stack("load_balancer_library_module")
 @register_stack("load_balancer_stack")
-class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
+class LoadBalancerStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
     Reusable stack for AWS Load Balancers.
     Supports creating Application and Network Load Balancers with customizable configurations.
@@ -49,7 +52,7 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
         self._hosted_zone = None
         self._record_names = None
         # SSM imported values
-        self.ssm_imported_values: Dict[str, str] = {}
+        self._ssm_imported_values: Dict[str, str] = {}
 
     def build(
         self,
@@ -76,8 +79,18 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
         )
         lb_name = deployment.build_resource_name(self.lb_config.name)
 
-        # Process SSM imports first
-        self._process_ssm_imports()
+        # Setup standardized SSM integration
+        self.setup_ssm_integration(
+            scope=self,
+            config=self.lb_config,
+            resource_type="load_balancer",
+            resource_name=self.lb_config.name,
+            deployment=deployment,
+            workload=workload
+        )
+        
+        # Process SSM imports
+        self.process_ssm_imports()
 
         self._prep_dns()
 
@@ -155,16 +168,22 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
 
         # If subnets is None, check if we have SSM-imported subnet_ids as a token
         # We need to use Fn.Split to convert the comma-separated string to an array
-        if subnets is None and "subnet_ids" in self.ssm_imported_values:
-            subnet_ids_value = self.ssm_imported_values["subnet_ids"]
-            if cdk.Token.is_unresolved(subnet_ids_value):
-                logger.info("Using Fn.Split to convert comma-separated subnet IDs token to array")
-                # Use CloudFormation escape hatch to set Subnets property with Fn.Split
-                cfn_lb = load_balancer.node.default_child
-                cfn_lb.add_property_override(
-                    "Subnets",
-                    cdk.Fn.split(",", subnet_ids_value)
-                )
+        if subnets is None:
+            subnet_ids = self.get_subnet_ids(self.lb_config)
+            if subnet_ids:
+                # For CloudFormation token resolution, we still need Fn.split
+                # but we use the helper to determine if subnet IDs are available
+                ssm_imports = self.get_all_ssm_imports()
+                if "subnet_ids" in ssm_imports:
+                    subnet_ids_value = ssm_imports["subnet_ids"]
+                    if cdk.Token.is_unresolved(subnet_ids_value):
+                        logger.info("Using Fn.Split to convert comma-separated subnet IDs token to array")
+                        # Use CloudFormation escape hatch to set Subnets property with Fn.Split
+                        cfn_lb = load_balancer.node.default_child
+                        cfn_lb.add_property_override(
+                            "Subnets",
+                            cdk.Fn.split(",", subnet_ids_value)
+                        )
 
         # Add tags
         for key, value in self.lb_config.tags.items():
@@ -174,100 +193,25 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
 
     @property
     def vpc(self) -> ec2.IVpc:
-        """Get the VPC for the Load Balancer"""
+        """Get the VPC for the Load Balancer using centralized VPC provider mixin."""
         if self._vpc:
             return self._vpc
-
-        # Check SSM imported values first (tokens from SSM parameters)
-        if "vpc_id" in self.ssm_imported_values:
-            vpc_id = self.ssm_imported_values["vpc_id"]
-            
-            # Build VPC attributes
-            vpc_attrs = {
-                "vpc_id": vpc_id,
-                "availability_zones": ["us-east-1a", "us-east-1b"],
-            }
-            
-            # If we have subnet_ids from SSM, provide dummy public subnets
-            # The actual subnets will be set via CloudFormation escape hatch
-            if "subnet_ids" in self.ssm_imported_values:
-                # Provide dummy subnet IDs - these will be overridden by the escape hatch
-                # We need at least one dummy subnet per AZ to satisfy CDK's validation
-                vpc_attrs["public_subnet_ids"] = ["subnet-dummy1", "subnet-dummy2"]
-            
-            # Use from_vpc_attributes() instead of from_lookup() because SSM imports return tokens
-            self._vpc = ec2.Vpc.from_vpc_attributes(self, "VPC", **vpc_attrs)
-        elif self.lb_config.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.lb_config.vpc_id)
-        elif self.workload.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.workload.vpc_id)
-        else:
-            # Use default VPC if not provided
-            raise ValueError(
-                "VPC is not defined in the configuration.  "
-                "You can provide it a the load_balancer.vpc_id in the configuration "
-                "or a top level workload.vpc_id in the workload configuration."
-            )
-
-        return self._vpc
-
-    def _process_ssm_imports(self) -> None:
-        """
-        Process SSM imports from configuration.
-        Follows the same pattern as RDS and Security Group stacks.
-        """
-        from aws_cdk import aws_ssm as ssm
-        
-        ssm_imports = self.lb_config.ssm_imports
-        
-        if not ssm_imports:
-            logger.debug("No SSM imports configured for Load Balancer")
-            return
-        
-        logger.info(f"Processing {len(ssm_imports)} SSM imports for Load Balancer")
         
-        for param_key, param_value in ssm_imports.items():
-            try:
-                # Handle list values (like security_groups)
-                if isinstance(param_value, list):
-                    imported_list = []
-                    for idx, param_path in enumerate(param_value):
-                        if not param_path.startswith('/'):
-                            param_path = f"/{param_path}"
-                        
-                        construct_id = f"ssm-import-{param_key}-{idx}-{hash(param_path) % 10000}"
-                        param = ssm.StringParameter.from_string_parameter_name(
-                            self, construct_id, param_path
-                        )
-                        imported_list.append(param.string_value)
-                    
-                    self.ssm_imported_values[param_key] = imported_list
-                    logger.info(f"Imported SSM parameter list: {param_key} with {len(imported_list)} items")
-                else:
-                    # Handle string values
-                    param_path = param_value
-                    if not param_path.startswith('/'):
-                        param_path = f"/{param_path}"
-                    
-                    construct_id = f"ssm-import-{param_key}-{hash(param_path) % 10000}"
-                    param = ssm.StringParameter.from_string_parameter_name(
-                        self, construct_id, param_path
-                    )
-                    
-                    self.ssm_imported_values[param_key] = param.string_value
-                    logger.info(f"Imported SSM parameter: {param_key} from {param_path}")
-                    
-            except Exception as e:
-                logger.error(f"Failed to import SSM parameter {param_key}: {e}")
-                raise
+        # Use the centralized VPC resolution from VPCProviderMixin
+        self._vpc = self.resolve_vpc(
+            config=self.lb_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
+        return self._vpc
 
     def _get_security_groups(self) -> List[ec2.ISecurityGroup]:
         """Get security groups for the Load Balancer"""
         security_groups = []
         
         # Check SSM imported values first
-        if "security_groups" in self.ssm_imported_values:
-            sg_ids = self.ssm_imported_values["security_groups"]
+        if "security_groups" in self._ssm_imported_values:
+            sg_ids = self._ssm_imported_values["security_groups"]
             if not isinstance(sg_ids, list):
                 sg_ids = [sg_ids]
         else:
@@ -285,9 +229,16 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
         """Get subnets for the Load Balancer"""
         subnets = []
         
-        # Check SSM imported values first
-        if "subnet_ids" in self.ssm_imported_values:
-            subnet_ids_value = self.ssm_imported_values["subnet_ids"]
+        # Use the standardized helper function to get subnet IDs
+        subnet_ids = self.get_subnet_ids(self.lb_config)
+        
+        if not subnet_ids:
+            return None
+        
+        # Check if we have unresolved tokens from SSM
+        ssm_imports = self.get_all_ssm_imports()
+        if "subnet_ids" in ssm_imports:
+            subnet_ids_value = ssm_imports["subnet_ids"]
             
             # Check if this is a CDK token (unresolved SSM parameter)
             if cdk.Token.is_unresolved(subnet_ids_value):
@@ -296,25 +247,40 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
                 # The ALB construct will handle the token-based subnet IDs
                 logger.info("Subnet IDs are unresolved tokens, will use vpc_subnets with token resolution")
                 return None
-            elif isinstance(subnet_ids_value, str):
-                # If it's a resolved string, split it
-                subnet_ids = [s.strip() for s in subnet_ids_value.split(',')]
-            elif isinstance(subnet_ids_value, list):
-                subnet_ids = subnet_ids_value
-            else:
-                subnet_ids = [subnet_ids_value]
-        else:
-            subnet_ids = self.lb_config.subnets
-        
-        if not subnet_ids:
-            return None
             
+        # Convert subnet IDs to subnet objects
         for idx, subnet_id in enumerate(subnet_ids):
             subnets.append(
                 ec2.Subnet.from_subnet_id(self, f"Subnet-{idx}", subnet_id)
             )
         return subnets
 
+    def _generate_target_group_name(self, lb_name: str, tg_name: str, max_length: int = 32) -> str:
+        """Generate a unique target group name that doesn't begin/end with hyphens"""
+        full_name = f"{lb_name}-{tg_name}"
+        
+        if len(full_name) <= max_length:
+            # No truncation needed, just ensure no leading/trailing hyphens
+            return full_name.strip('-')
+        
+        # Need to truncate - use hash suffix for uniqueness
+        # Reserve space for hash (typically 8 chars) and separator
+        hash_length = 8
+        separator_length = 1
+        max_name_length = max_length - hash_length - separator_length
+        
+        # Take the prefix and ensure it doesn't end with hyphen
+        prefix = full_name[:max_name_length].rstrip('-')
+        
+        # Generate hash of the full name for uniqueness
+        hash_bytes = hashlib.sha256(full_name.encode()).digest()
+        hash_suffix = base64.urlsafe_b64encode(hash_bytes).decode()[:hash_length]
+        
+        # Ensure hash doesn't start with hyphen (replace any non-alphanumeric chars)
+        hash_suffix = ''.join(c for c in hash_suffix if c.isalnum())[:hash_length]
+        
+        return f"{prefix}-{hash_suffix}"
+
     def _create_target_groups(self, lb_name: str) -> None:
         """Create target groups for the Load Balancer"""
 
@@ -322,6 +288,9 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
             tg_name = tg_config.get("name", f"tg-{idx}")
             tg_id = f"{lb_name}-{tg_name}"
 
+            # Generate a unique target group name that doesn't begin/end with hyphens
+            tg_name_sanitized = self._generate_target_group_name(lb_name, tg_name)
+
             # Configure health check
             health_check = self._configure_health_check(
                 tg_config.get("health_check", {})
@@ -332,7 +301,7 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
                 target_group = elbv2.ApplicationTargetGroup(
                     self,
                     tg_id,
-                    target_group_name=tg_id[:32],  # Ensure name is within AWS limits
+                    target_group_name=tg_name_sanitized,
                     vpc=self.vpc,
                     port=tg_config.get("port", 80),
                     protocol=elbv2.ApplicationProtocol(
@@ -347,7 +316,7 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
                 target_group = elbv2.NetworkTargetGroup(
                     self,
                     tg_id,
-                    target_group_name=tg_id[:32],  # Ensure name is within AWS limits
+                    target_group_name=tg_name_sanitized,
                     vpc=self.vpc,
                     port=tg_config.get("port", 80),
                     protocol=elbv2.Protocol(tg_config.get("protocol", "TCP")),
@@ -357,6 +326,8 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
                     health_check=health_check,
                 )
 
+
+            
             # Store target group for later use
             self.target_groups[tg_name] = target_group
 
@@ -397,6 +368,11 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
                 if protocol.upper() == "HTTPS":
                     certificates = self._get_certificates()
 
+                if not certificates and protocol.upper() == "HTTPS":
+                    message = "No certificates found for HTTPS listener. Please attach a certificate or create a certificate stack."
+                    logger.warning(message)
+                    raise ValueError(message)
+
                 listener = elbv2.ApplicationListener(
                     self,
                     listener_id,
@@ -449,8 +425,9 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
         certificates = []
         
         # Check SSM imported values first (takes priority)
-        if "certificate_arns" in self.ssm_imported_values:
-            cert_arns = self.ssm_imported_values["certificate_arns"]
+        ssm_imports = self.get_all_ssm_imports()
+        if "certificate_arns" in ssm_imports:
+            cert_arns = ssm_imports["certificate_arns"]
             if not isinstance(cert_arns, list):
                 cert_arns = [cert_arns]
             for cert_arn in cert_arns:
@@ -479,44 +456,42 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
             # Configure conditions
             conditions = []
 
-            # Path patterns
-            path_patterns = rule_config.get("path_patterns", [])
-            if path_patterns:
-                conditions.append(elbv2.ListenerCondition.path_patterns(path_patterns))
-
-            # Host headers
-            host_headers = rule_config.get("host_headers", [])
-            if host_headers:
-                conditions.append(elbv2.ListenerCondition.host_headers(host_headers))
-
-            # HTTP headers
-            http_headers = rule_config.get("http_headers", {})
-            for header_name, header_values in http_headers.items():
-                conditions.append(
-                    elbv2.ListenerCondition.http_header(header_name, header_values)
-                )
-
-            # Query strings
-            query_strings = rule_config.get("query_strings", [])
-            if query_strings:
-                query_string_conditions = []
-                for qs in query_strings:
-                    query_string_conditions.append(
-                        elbv2.QueryStringCondition(
-                            key=qs.get("key"), value=qs.get("value")
+            # Parse AWS ALB conditions format
+            aws_conditions = rule_config.get("conditions", [])
+            for condition in aws_conditions:
+                field = condition.get("field")
+                if field == "http-header" and "http_header_config" in condition:
+                    header_config = condition["http_header_config"]
+                    header_name = header_config.get("header_name")
+                    header_values = header_config.get("values", [])
+                    if header_name and header_values:
+                        conditions.append(
+                            elbv2.ListenerCondition.http_header(header_name, header_values)
                         )
-                    )
-                conditions.append(
-                    elbv2.ListenerCondition.query_strings(query_string_conditions)
-                )
+                elif field == "path-pattern" and "values" in condition:
+                    path_patterns = condition.get("values", [])
+                    if path_patterns:
+                        conditions.append(elbv2.ListenerCondition.path_patterns(path_patterns))
+                elif field == "host-header" and "values" in condition:
+                    host_headers = condition.get("values", [])
+                    if host_headers:
+                        conditions.append(elbv2.ListenerCondition.host_headers(host_headers))
 
             # Configure actions
-            target_group_name = rule_config.get("target_group")
-            target_group = (
-                self.target_groups.get(target_group_name) if target_group_name else None
-            )
+            target_group = None
+            
+            # Parse AWS ALB actions format
+            aws_actions = rule_config.get("actions", [])
+            for action in aws_actions:
+                if action.get("type") == "forward":
+                    target_group_name = action.get("target_group")
+                    target_group = (
+                        self.target_groups.get(target_group_name) if target_group_name else None
+                    )
+                    break  # Use first forward action
 
-            if target_group:
+            # Validate that we have both conditions and target group before creating rule
+            if target_group and conditions:
                 # Create rule with forward action
                 elbv2.ApplicationListenerRule(
                     self,
@@ -526,6 +501,15 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
                     conditions=conditions,
                     target_groups=[target_group],
                 )
+            elif not conditions:
+                logger.warning(
+                    f"Skipping listener rule '{rule_id}' - no conditions defined. "
+                    f"CDK requires at least one condition for every rule."
+                )
+            elif not target_group:
+                logger.warning(
+                    f"Skipping listener rule '{rule_id}' - no valid target group found."
+                )
 
     def _add_ip_whitelist_rules(
         self,
@@ -672,36 +656,7 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
 
     def _export_cfn_outputs(self, lb_name: str) -> None:
         """Add CloudFormation outputs for the Load Balancer"""
-        if self.load_balancer:
-            # Load Balancer DNS Name
-            cdk.CfnOutput(
-                self,
-                f"{lb_name}-dns-name",
-                value=self.load_balancer.load_balancer_dns_name,
-                export_name=f"{self.deployment.build_resource_name(lb_name)}-dns-name",
-            )
-
-            # Load Balancer ARN
-            cdk.CfnOutput(
-                self,
-                f"{lb_name}-arn",
-                value=self.load_balancer.load_balancer_arn,
-                export_name=f"{self.deployment.build_resource_name(lb_name)}-arn",
-            )
-
-            # Target Group ARNs
-            for tg_name, target_group in self.target_groups.items():
-                # Normalize target group name for consistent CloudFormation export naming
-                normalized_tg_name = self.normalize_resource_name(
-                    tg_name, for_export=True
-                )
-                cdk.CfnOutput(
-                    self,
-                    f"{lb_name}-{normalized_tg_name}-arn",
-                    value=target_group.target_group_arn,
-                    export_name=f"{self.deployment.build_resource_name(lb_name)}-{normalized_tg_name}-arn",
-                )
-
+        return
     def _export_ssm_parameters(self, lb_name: str) -> None:
         """Export Load Balancer resources to SSM Parameter Store if configured"""
         if not self.load_balancer:
@@ -732,32 +687,4 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
 
     def _export_cfn_outputs(self, lb_name: str) -> None:
         """Add CloudFormation outputs for the Load Balancer"""
-        if self.load_balancer:
-            # Load Balancer DNS Name
-            cdk.CfnOutput(
-                self,
-                f"{lb_name}-dns-name",
-                value=self.load_balancer.load_balancer_dns_name,
-                export_name=f"{self.deployment.build_resource_name(lb_name)}-dns-name",
-            )
-
-            # Load Balancer ARN
-            cdk.CfnOutput(
-                self,
-                f"{lb_name}-arn",
-                value=self.load_balancer.load_balancer_arn,
-                export_name=f"{self.deployment.build_resource_name(lb_name)}-arn",
-            )
-
-            # Target Group ARNs
-            for tg_name, target_group in self.target_groups.items():
-                # Normalize target group name for consistent CloudFormation export naming
-                normalized_tg_name = self.normalize_resource_name(
-                    tg_name, for_export=True
-                )
-                cdk.CfnOutput(
-                    self,
-                    f"{lb_name}-{normalized_tg_name}-arn",
-                    value=target_group.target_group_arn,
-                    export_name=f"{self.deployment.build_resource_name(lb_name)}-{normalized_tg_name}-arn",
-                )
+        return