Class SystemContext

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
com.cloudforgeci.api.core.SystemContext
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

public final class SystemContext extends software.constructs.Construct
  • Field Details

    • topology

      public final TopologyType topology
    • runtime

      public final RuntimeType runtime
    • security

      public final SecurityProfile security
    • iamProfile

      public final IAMProfile iamProfile
    • cfc

      public final DeploymentContext cfc
    • stackName

      public final String stackName
    • securityProfileConfig

      public final Slot<SecurityProfileConfiguration> securityProfileConfig
    • applicationSpec

      public final Slot<ApplicationSpec> applicationSpec
    • vpc

      public final Slot<software.amazon.awscdk.services.ec2.Vpc> vpc
    • alb

      public final Slot<software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationLoadBalancer> alb
    • asg

      public final Slot<software.amazon.awscdk.services.autoscaling.AutoScalingGroup> asg
    • ec2Instance

      public final Slot<software.amazon.awscdk.services.ec2.Instance> ec2Instance
    • efs

      public final Slot<software.amazon.awscdk.services.efs.FileSystem> efs
    • logs

      public final Slot<software.amazon.awscdk.services.logs.LogGroup> logs
    • zone

      public final Slot<software.amazon.awscdk.services.route53.IHostedZone> zone
    • instanceSg

      public final Slot<software.amazon.awscdk.services.ec2.SecurityGroup> instanceSg
    • albTargetGroup

      public final Slot<software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationTargetGroup> albTargetGroup
    • httpsTargetsAdded

      public final Slot<Boolean> httpsTargetsAdded
    • wired

      public final Slot<Boolean> wired
    • dnsRecordsCreated

      public final Slot<Boolean> dnsRecordsCreated
    • dnsRecordsCallbackRegistered

      public final Slot<Boolean> dnsRecordsCallbackRegistered
    • asgAddedToTargetGroup

      public final Slot<Boolean> asgAddedToTargetGroup
    • scalingPoliciesApplied

      public final Slot<Boolean> scalingPoliciesApplied
    • fargateAutoscalingConfigured

      public final Slot<Boolean> fargateAutoscalingConfigured
    • fargateAutoscalingCallbackRegistered

      public final Slot<Boolean> fargateAutoscalingCallbackRegistered
    • ec2AutoscalingCallbackRegistered

      public final Slot<Boolean> ec2AutoscalingCallbackRegistered
    • albSg

      public final Slot<software.amazon.awscdk.services.ec2.SecurityGroup> albSg
    • http

      public final Slot<software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationListener> http
    • efsSg

      public final Slot<software.amazon.awscdk.services.ec2.SecurityGroup> efsSg
    • ap

      public final Slot<software.amazon.awscdk.services.efs.AccessPoint> ap
    • fargateService

      public final Slot<software.amazon.awscdk.services.ecs.FargateService> fargateService
    • fargateServiceSg

      public final Slot<software.amazon.awscdk.services.ec2.SecurityGroup> fargateServiceSg
    • fargateTaskDef

      public final Slot<software.amazon.awscdk.services.ecs.TaskDefinition> fargateTaskDef
    • container

      public final Slot<software.amazon.awscdk.services.ecs.ContainerDefinition> container
    • https

      public final Slot<software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationListener> https
    • cert

      public final Slot<software.amazon.awscdk.services.certificatemanager.ICertificate> cert
    • privateCa

      public final Slot<software.amazon.awscdk.services.acmpca.CfnCertificateAuthority> privateCa
    • identityCenter

      public final Slot<software.amazon.awscdk.CustomResource> identityCenter
    • cognitoIssuer

      public final Slot<String> cognitoIssuer
    • cognitoAuthorizationEndpoint

      public final Slot<String> cognitoAuthorizationEndpoint
    • cognitoTokenEndpoint

      public final Slot<String> cognitoTokenEndpoint
    • cognitoUserInfoEndpoint

      public final Slot<String> cognitoUserInfoEndpoint
    • cognitoLogoutEndpoint

      public final Slot<String> cognitoLogoutEndpoint
    • cognitoClientId

      public final Slot<String> cognitoClientId
    • cognitoClientSecretName

      public final Slot<String> cognitoClientSecretName
    • cognitoUserPoolId

      public final Slot<String> cognitoUserPoolId
    • cognitoDomainPrefix

      public final Slot<String> cognitoDomainPrefix
    • cognitoUserPool

      public final Slot<software.amazon.awscdk.services.cognito.IUserPool> cognitoUserPool
    • cognitoUserPoolClient

      public final Slot<software.amazon.awscdk.services.cognito.IUserPoolClient> cognitoUserPoolClient
    • cognitoUserPoolDomain

      public final Slot<software.amazon.awscdk.services.cognito.IUserPoolDomain> cognitoUserPoolDomain
    • rdsDatabase

      public final Slot<software.amazon.awscdk.services.rds.DatabaseInstance> rdsDatabase
    • dbCredentials

      public final Slot<software.amazon.awscdk.services.secretsmanager.Secret> dbCredentials
    • dbConnection

      public final Slot<DatabaseSpec.DatabaseConnection> dbConnection
    • dbSecurityGroup

      public final Slot<software.amazon.awscdk.services.ec2.SecurityGroup> dbSecurityGroup
    • dbConnectionStringComponents

      public final Slot<Map<String,String>> dbConnectionStringComponents
    • dbDatasourceParameter

      public final Slot<software.amazon.awscdk.services.ssm.StringParameter> dbDatasourceParameter
    • cognitoClientSecretResourceInternal

      public final Slot<software.constructs.IConstruct> cognitoClientSecretResourceInternal
    • applicationOidcConfig

      public final Slot<OidcConfiguration> applicationOidcConfig
    • applicationOidcClientSecretResource

      public final Slot<software.constructs.IConstruct> applicationOidcClientSecretResource
    • keycloakDeployed

      public final Slot<Boolean> keycloakDeployed
    • keycloakServiceUrl

      public final Slot<String> keycloakServiceUrl
    • sslEnabled

      public final Slot<Boolean> sslEnabled
    • httpRedirectEnabled

      public final Slot<Boolean> httpRedirectEnabled
    • networkMode

      public final Slot<String> networkMode
    • wafEnabled

      public final Slot<Boolean> wafEnabled
    • cloudfront

      public final Slot<Boolean> cloudfront
    • lbType

      public final Slot<String> lbType
    • minInstanceCapacity

      public final Slot<Integer> minInstanceCapacity
    • maxInstanceCapacity

      public final Slot<Integer> maxInstanceCapacity
    • cpuTargetUtilization

      public final Slot<Integer> cpuTargetUtilization
    • cpu

      public final Slot<Integer> cpu
    • memory

      public final Slot<Integer> memory
    • authMode

      public final Slot<String> authMode
    • ssoInstanceArn

      public final Slot<String> ssoInstanceArn
    • ssoGroupId

      public final Slot<String> ssoGroupId
    • ssoTargetAccountId

      public final Slot<String> ssoTargetAccountId
    • samlSiteUrl

      public final Slot<String> samlSiteUrl
    • samlAcsUrl

      public final Slot<String> samlAcsUrl
    • samlIdpMetadataUrl

      public final Slot<String> samlIdpMetadataUrl
    • samlIdpSsoUrl

      public final Slot<String> samlIdpSsoUrl
    • samlIdpEntityId

      public final Slot<String> samlIdpEntityId
    • samlIdpLogoutUrl

      public final Slot<String> samlIdpLogoutUrl
    • samlProviderType

      public final Slot<String> samlProviderType
    • samlConfigSecretArn

      public final Slot<String> samlConfigSecretArn
    • artifactsBucket

      public final Slot<String> artifactsBucket
    • artifactsPrefix

      public final Slot<String> artifactsPrefix
    • enableFlowlogs

      public final Slot<Boolean> enableFlowlogs
    • domain

      public final Slot<String> domain
    • subdomain

      public final Slot<String> subdomain
    • fqdn

      public final Slot<String> fqdn
    • websiteBucket

      public final Slot<software.amazon.awscdk.services.s3.Bucket> websiteBucket
    • distribution

      public final Slot<software.amazon.awscdk.services.cloudfront.Distribution> distribution
    • flowlogs

      public final Slot<software.amazon.awscdk.services.ec2.FlowLogOptions> flowlogs
    • wafWebAcl

      public final Slot<software.amazon.awscdk.services.wafv2.CfnWebACL> wafWebAcl
    • ec2InstanceRole

      public final Slot<software.amazon.awscdk.services.iam.Role> ec2InstanceRole
    • fargateExecutionRole

      public final Slot<software.amazon.awscdk.services.iam.Role> fargateExecutionRole
    • fargateTaskRole

      public final Slot<software.amazon.awscdk.services.iam.Role> fargateTaskRole
  • Method Details

    • start

      public static SystemContext start(software.constructs.Construct scope, TopologyType topology, RuntimeType runtime, SecurityProfile security, IAMProfile iamProfile, DeploymentContext cfc)
      Start once at the entry point; installs the runtime, topology, security, and IAM rules and wiring.
    • of

      public static SystemContext of(software.constructs.Construct scope)
      Fetch the already-started context anywhere down the tree.
    • once

      public boolean once(String key, Runnable r)
      Guard to register a wiring block only once per Stack.
    • executeDeferredActions

      public void executeDeferredActions()
      Execute all deferred actions. Call this after all factories are created.
    • requireConfigRule

      public void requireConfigRule(AwsConfigRule rule)
      Register an AWS Config rule as required for this deployment. Factories call this method where they create the infrastructure being monitored. Rules are held in a Set, so registering the same rule more than once has no further effect.
      Parameters:
      rule - The AWS Config rule to require
    • requireConfigRulesForControl

      public void requireConfigRulesForControl(ComplianceMatrix.SecurityControl control)
      Register all AWS Config rules for a specific security control. Use this when enabling a security control (e.g., ENCRYPTION_AT_REST) to automatically include all related Config rules.
      Parameters:
      control - The security control to get rules for
    • getRequiredConfigRules

      public Set<AwsConfigRule> getRequiredConfigRules()
      Get all required AWS Config rules collected from factories. Called by ComplianceFactory to deploy the rules.
      Returns:
      Unmodifiable set of required Config rules
    • debugPath

      public String debugPath(software.constructs.Construct scope)
    • presentSlots

      public String presentSlots()
    • createInfrastructureFactories

      public SystemContext.InfrastructureFactories createInfrastructureFactories(software.constructs.Construct scope, String idPrefix)
      Creates infrastructure factories in the correct order with proper context injection. This orchestration layer ensures that infrastructure factories are created consistently and can be reused across different application factories.
      Parameters:
      scope - The CDK construct scope
      idPrefix - Prefix for factory IDs (e.g., "Jenkins", "MyApp")
      Returns:
      InfrastructureFactories containing references to created factories
    • createVpcFactory

      public VpcFactory createVpcFactory(software.constructs.Construct scope, String idPrefix)
      Creates a VPC factory with proper context injection.
    • createAlbFactory

      public AlbFactory createAlbFactory(software.constructs.Construct scope, String idPrefix)
      Creates an ALB factory with proper context injection.
    • createEfsFactory

      public EfsFactory createEfsFactory(software.constructs.Construct scope, String idPrefix)
      Creates an EFS factory with proper context injection.
    • createLoggingFactory

      public LoggingCwFactory createLoggingFactory(software.constructs.Construct scope, String idPrefix)
      Creates a logging factory with proper context injection.
    • createGuardDutyFactory

      public void createGuardDutyFactory(software.constructs.Construct scope, String idPrefix)
      Creates the GuardDuty threat detection factory. It is enabled conditionally, based on the security profile or explicit configuration.
    • createSecurityFactories

      public void createSecurityFactories(software.constructs.Construct scope, String idPrefix)
      Creates security-related factories (Certificate, OIDC, Identity Center). These factories are conditionally created based on context configuration. IMPORTANT: Certificate is created LAST to ensure proper CloudFormation deletion order. When deleting a stack, CloudFormation deletes resources in reverse creation order. Because the certificate is created last, it is deleted first, before the ALB HTTPS listener, preventing "Certificate in use" deletion errors. Note that CloudFormation derives creation and deletion order from the resource dependencies in the synthesized template, so check the template's dependencies when changing the order here.
    • createTargetGroups

      public void createTargetGroups(software.constructs.Construct scope, String idPrefix)
      Creates target groups orchestrated by SystemContext. This centralizes target group management and prevents duplicates. For HTTPS_STRICT mode (PCI-DSS compliance), target group creation is deferred to Ec2RuntimeConfiguration, which creates the target groups after the HTTPS listener exists.
    • createInstanceSecurityGroup

      public software.amazon.awscdk.services.ec2.SecurityGroup createInstanceSecurityGroup(software.constructs.Construct scope, String idPrefix)
      Creates instance security group for EC2 deployments. This is infrastructure-specific but not a full factory.
    • createJenkinsDeployment

      public SystemContext.JenkinsDeployment createJenkinsDeployment(software.constructs.Construct scope, String id)
      Creates a complete Jenkins deployment with infrastructure and Jenkins-specific resources. Supports both Fargate and EC2 runtimes with optional domain and SSL.
      Parameters:
      scope - The CDK construct scope
      id - Unique identifier for the Jenkins deployment
      Returns:
      JenkinsDeployment containing all created resources
    • createS3CloudFrontDeployment

      public SystemContext.S3CloudFrontDeployment createS3CloudFrontDeployment(software.constructs.Construct scope, String id)
      Creates a complete S3 + CloudFront deployment for static web applications. Supports Angular, React, or any static site with optional domain.
      Parameters:
      scope - The CDK construct scope
      id - Unique identifier for the S3 deployment
      Returns:
      S3CloudFrontDeployment containing all created resources