cdk-factory 0.8.4__tar.gz → 0.8.5__tar.gz

cdk_factory-0.8.5/BUG_FIX_SSM_IMPORTS_METADATA_FIELDS.md

@@ -0,0 +1,123 @@
+# Bug Fix: SSM Imports Processing Metadata Fields as Parameters
+
+## Issue Summary
+
+**Error:** `Unable to fetch parameters [geekcafe,prod] from parameter store for this account`
+
+**Root Cause:** The SSM imports configuration processor was treating metadata fields (`workload`, `environment`) as actual parameters to import, causing CloudFormation to try fetching non-existent SSM parameters named "geekcafe" and "prod".
+
+## The Bug
+
+### Configuration Example
+```json
+{
+  "ssm": {
+    "imports": {
+      "workload": "geekcafe",       // ❌ Incorrectly treated as parameter to import
+      "environment": "prod",         // ❌ Incorrectly treated as parameter to import
+      "user_pool_arn": "auto"       // ✅ Actual parameter to import
+    }
+  }
+}
+```
+
+### What Was Happening
+The code in `enhanced_ssm_config.py` (line 140) iterated through ALL keys in the `imports` dict:
+
+```python
+for attribute, import_value in self.ssm_imports.items():
+    # This was processing workload, environment, AND user_pool_arn
+    definitions.append(...)
+```
+
+This caused it to try to import:
+1. ❌ SSM parameter named "geekcafe" (from `workload` key)
+2. ❌ SSM parameter named "prod" (from `environment` key)
+3. ✅ SSM parameter for `user_pool_arn` (the actual import)
+
+CloudFormation then failed trying to fetch parameters "[geekcafe,prod]" which don't exist.
+
+## The Fix
+
+### Code Change
+**File:** `src/cdk_factory/configurations/enhanced_ssm_config.py`
+**Lines:** 140-146
+
+```python
+# Handle dict format: {"attribute": "auto" or path}
+# Skip metadata fields that are not actual imports
+metadata_fields = {"workload", "environment", "organization"}
+
+for attribute, import_value in self.ssm_imports.items():
+    # Skip metadata fields - they specify context, not what to import
+    if attribute in metadata_fields:
+        continue
+    
+    # Process actual imports...
+```
+
+### What Changed
+- Added a set of `metadata_fields` that should be skipped
+- Added a check to skip these fields before processing
+- Now only actual resource imports (like `user_pool_arn`) are processed
+
+## Testing
+
+### Test File
+`tests/unit/test_cognito_ssm_path_resolution.py`
+
+### Test Verification
+```python
+ssm_imports={
+    "workload": "geekcafe",      # Should be SKIPPED
+    "environment": "prod",        # Should be SKIPPED  
+    "user_pool_arn": "auto"      # Should be processed
+}
+
+import_defs = config.get_import_definitions()
+assert len(import_defs) == 1  # Only user_pool_arn, not workload/environment
+```
+
+## Impact
+
+### Before Fix
+- ❌ CloudFormation deployment failed with "Unable to fetch parameters [geekcafe,prod]"
+- ❌ Auto-import feature (`"user_pool_arn": "auto"`) was broken
+- ❌ Users had to use explicit paths as workaround
+
+### After Fix
+- ✅ CloudFormation deployment succeeds
+- ✅ Auto-import feature works correctly
+- ✅ Metadata fields are correctly recognized as context, not imports
+- ✅ Only actual resource imports are processed
+
+## Related Issues
+
+This fix resolves the issue where API Gateway could not auto-import Cognito User Pool ARN from SSM Parameter Store, even though:
+1. The path resolution logic was correct (`/geekcafe/prod/cognito/user-pool/user-pool-arn`)
+2. The SSM parameter existed in AWS
+3. The configuration looked correct
+
+The bug was subtle - the metadata fields used to specify WHERE to look were being processed as WHAT to import.
+
+## Migration Notes
+
+No configuration changes required. Existing configurations will work correctly after this fix. The metadata fields (`workload`, `environment`) can remain in the `imports` section - they will now be properly filtered out.
+
+## Files Changed
+
+1. `src/cdk_factory/configurations/enhanced_ssm_config.py` - Core fix
+2. `tests/unit/test_cognito_ssm_path_resolution.py` - New test
+3. `tests/unit/test_api_gateway_cognito_auto_import.py` - Diagnostic test
+
+## Verified Scenarios
+
+- ✅ API Gateway auto-importing Cognito User Pool ARN
+- ✅ Lambda auto-importing DynamoDB table names
+- ✅ RDS auto-importing VPC IDs
+- ✅ Mixed explicit paths and auto-discovery
+
+## Version
+
+Fixed in: Next release
+Issue reported: 2025-10-10

{cdk_factory-0.8.4 → cdk_factory-0.8.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cdk_factory
-Version: 0.8.4
+Version: 0.8.5
 Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
 Author-email: Eric Wilson <eric.wilson@geekcafe.com>
 License: MIT License

{cdk_factory-0.8.4 → cdk_factory-0.8.5}/pyproject.toml

@@ -33,7 +33,7 @@ markers = [
 [project]
 
 name = "cdk_factory"
-version = "0.8.4"
+version = "0.8.5"
 authors = [
   { name="Eric Wilson", email="eric.wilson@geekcafe.com" }
 ]

{cdk_factory-0.8.4 → cdk_factory-0.8.5}/src/cdk_factory/configurations/enhanced_ssm_config.py

@@ -137,7 +137,14 @@ class EnhancedSsmConfig:
         if self.ssm_imports:
             if isinstance(self.ssm_imports, dict):
                 # Handle dict format: {"attribute": "auto" or path}
+                # Skip metadata fields that are not actual imports
+                metadata_fields = {"workload", "environment", "organization"}
+                
                 for attribute, import_value in self.ssm_imports.items():
+                    # Skip metadata fields - they specify context, not what to import
+                    if attribute in metadata_fields:
+                        continue
+                        
                     if import_value == "auto":
                         # Use auto-discovery with source mapping
                         imports_config = RESOURCE_AUTO_IMPORTS.get(self.resource_type, {})

cdk_factory-0.8.5/src/cdk_factory/version.py

@@ -0,0 +1 @@
+__version__ = "0.8.5"

cdk_factory-0.8.4/GEEK_CAFE_FIX.md

@@ -1,241 +0,0 @@
-# Fix for geek-cafe Cognito Error
-
-## The Problem
-
-```
-ValueError: User pool ID is required for API Gateway authorizer.
-```
-
-Your API Gateway stack can't find the Cognito User Pool because the new separated pattern requires **SSM imports** instead of environment variables.
-
-## Quick Fix
-
-In your `/Users/eric.wilson/Projects/geek-cafe/geek-cafe-web/geek-cafe-lambdas/cdk` config:
-
-### Option 1: Add SSM Import (Recommended)
-
-**api-gateway-stack.json:**
-```json
-{
-  "name": "geek-cafe-prod-api-gateway",
-  "module": "api_gateway_stack",
-  "api_gateway": {
-    "name": "geek-cafe-prod-api",
-    "api_type": "REST",
-    "stage_name": "prod",
-    "ssm": {
-      "enabled": true,
-      "auto_export": true,
-      "workload": "geek-cafe",
-      "environment": "prod",
-      "imports": {
-        "workload": "geek-cafe",
-        "environment": "prod",
-        "user_pool_arn": "auto"  // ✅ ADD THIS - imports from Cognito stack
-      }
-    },
-    "cognito_authorizer": {
-      "authorizer_name": "geek-cafe-cognito-authorizer"
-    },
-    "routes": [...]
-  }
-}
-```
-
-This assumes your Cognito stack is configured to export:
-```json
-{
-  "name": "geek-cafe-prod-cognito",
-  "module": "cognito_stack",
-  "ssm": {
-    "enabled": true,
-    "auto_export": true,  // ✅ Must be enabled
-    "workload": "geek-cafe",
-    "environment": "prod"
-  }
-}
-```
-
-### Option 2: Use Explicit SSM Path
-
-If auto-discovery doesn't work, find the exact SSM parameter:
-
-```bash
-# Find the parameter
-aws ssm get-parameters-by-path --path "/geek-cafe/prod/cognito" --recursive
-```
-
-Then use the explicit path:
-```json
-{
-  "api_gateway": {
-    "ssm": {
-      "imports": {
-        "user_pool_arn": "/geek-cafe/prod/cognito/user-pool/user-pool-arn"
-      }
-    }
-  }
-}
-```
-
-### Option 3: Direct ARN (Quick Temporary Fix)
-
-If you just need to deploy NOW and fix properly later:
-
-```json
-{
-  "api_gateway": {
-    "cognito_authorizer": {
-      "authorizer_name": "geek-cafe-authorizer",
-      "user_pool_arn": "arn:aws:cognito-idp:us-east-1:ACCOUNT_ID:userpool/us-east-1_XXXXX"
-    }
-  }
-}
-```
-
-Get the ARN from AWS Console → Cognito → User Pools → geek-cafe-prod → ARN
-
-## Deployment Order
-
-With the new pattern, deploy in this order:
-
-```bash
-# 1. Deploy Cognito (if separate stack)
-cdk deploy geek-cafe-prod-cognito
-
-# 2. Deploy Lambdas
-cdk deploy geek-cafe-prod-lambdas
-
-# 3. Deploy API Gateway (imports from both above)
-cdk deploy geek-cafe-prod-api-gateway
-```
-
-Or set up a pipeline with stages:
-```json
-{
-  "pipeline": {
-    "stages": [
-      {"name": "infrastructure", "stacks": ["cognito-stack"]},
-      {"name": "lambdas", "stacks": ["lambda-stack"]},
-      {"name": "api-gateway", "stacks": ["api-gateway-stack"]}
-    ]
-  }
-}
-```
-
-## Verify SSM Parameters Exist
-
-```bash
-# Check what Cognito exported
-aws ssm get-parameter --name "/geek-cafe/prod/cognito/user-pool/user-pool-arn"
-
-# Check what Lambda exported
-aws ssm get-parameters-by-path --path "/geek-cafe/prod/lambda" --recursive
-
-# Check what API Gateway exported
-aws ssm get-parameters-by-path --path "/geek-cafe/prod/api-gateway" --recursive
-```
-
-## Complete Example Config
-
-**cognito-stack.json:**
-```json
-{
-  "name": "geek-cafe-prod-cognito",
-  "module": "cognito_stack",
-  "ssm": {
-    "enabled": true,
-    "auto_export": true,
-    "workload": "geek-cafe",
-    "environment": "prod"
-  },
-  "cognito": {
-    "user_pool_name": "geek-cafe-prod",
-    "exists": false
-  }
-}
-```
-
-**lambda-stack.json:**
-```json
-{
-  "name": "geek-cafe-prod-lambdas",
-  "module": "lambda_stack",
-  "ssm": {
-    "enabled": true,
-    "workload": "geek-cafe",
-    "environment": "prod"
-  },
-  "resources": [
-    {
-      "name": "geek-cafe-prod-get-cafes",
-      "src": "./src/handlers/cafes",
-      "handler": "get_cafes.lambda_handler"
-    }
-  ]
-}
-```
-
-**api-gateway-stack.json:**
-```json
-{
-  "name": "geek-cafe-prod-api-gateway",
-  "module": "api_gateway_stack",
-  "api_gateway": {
-    "name": "geek-cafe-prod-api",
-    "api_type": "REST",
-    "stage_name": "prod",
-    "ssm": {
-      "enabled": true,
-      "auto_export": true,
-      "workload": "geek-cafe",
-      "environment": "prod",
-      "imports": {
-        "workload": "geek-cafe",
-        "environment": "prod",
-        "user_pool_arn": "auto"  // ✅ This is the key fix
-      }
-    },
-    "cognito_authorizer": {
-      "authorizer_name": "geek-cafe-cognito-authorizer"
-    },
-    "routes": [
-      {
-        "path": "/cafes",
-        "method": "GET",
-        "lambda_name": "geek-cafe-prod-get-cafes",
-        "authorization_type": "COGNITO_USER_POOLS"
-      }
-    ]
-  }
-}
-```
-
-## Summary of Changes
-
-| Old Pattern (Combined) | New Pattern (Separated) |
-|------------------------|-------------------------|
-| `COGNITO_USER_POOL_ID` env var | SSM import with `user_pool_arn: "auto"` |
-| Single stack with Lambda + API | Three stacks: Cognito → Lambda → API Gateway |
-| Environment vars in CI/CD | Config-driven SSM parameters |
-| `"exports": {"enabled": true}` ❌ | `"auto_export": true` ✅ |
-
-## If Still Having Issues
-
-1. **Check CDK Factory version:**
-   ```bash
-   pip show cdk-factory
-   # Should be v0.8.0 or higher
-   ```
-
-2. **Enable debug logging:**
-   ```bash
-   export LOG_LEVEL=DEBUG
-   cdk deploy
-   ```
-
-3. **Verify workload/environment match** in all three stacks
-
-4. **Check SSM permissions** in your deployment role
-
-5. **Use explicit path** as fallback if auto-discovery fails

cdk_factory-0.8.4/src/cdk_factory/version.py

@@ -1 +0,0 @@
-__version__ = "0.8.4"